mahmo

I am one of the victims of the (.guvara) ransomeware

Recommended Posts

please help me 

I am one of the victims of the (.guvara) ransomeware

so if any one know how to decrypt this or any way to restore my files kindly help me

Thank you 

Share this post


Link to post
Share on other sites

This is a new version of STOP-Djvu Ransomware

You need to leave the application to the developer STOPDecryptor at the link on the forum BleepingComputer
Only there are collected all the requests and cases where the decrypting failed. 
You need to carefully read the first post of the topic to find out what you need to provide. 

If you do not want to read there, provide the following information:

1) the extension on your encrypted files;
2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!);
3) personal ID from a ransom note or attach a this text file to your message;
4)  ID, which unsupported from the STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter.

But at the moment STOPDecrypter your extension does not support. 

Therefore, your message should be left there as soon as possible.

 

  • Like 1

Share this post


Link to post
Share on other sites

If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (W-Fi)). 

Do not write both addresses! Determine exactly. This is not difficult.
It is necessary for you more, than for the developer of STOPDecrypter.
Such common errors lead to the fact that files cannot be decrypted.

  • Like 1

Share this post


Link to post
Share on other sites
4 hours ago, GT500 said:

You can find instructions on using STOPDecrypter to get your ID and MAC address at the following link:
https://kb.gt500.org/stopdecrypter

 

On 4/14/2019 at 8:55 PM, Amigo-A said:

This is a new version of STOP-Djvu Ransomware

You need to leave the application to the developer STOPDecryptor at the link on the forum BleepingComputer
Only there are collected all the requests and cases where the decrypting failed. 
You need to carefully read the first post of the topic to find out what you need to provide. 

If you do not want to read there, provide the following information:

1) the extension on your encrypted files;
2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!);
3) personal ID from a ransom note or attach a this text file to your message;
4)  ID, which unsupported from the STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter.

But at the moment STOPDecrypter your extension does not support. 

Therefore, your message should be left there as soon as possible.

 

.guvara

Your personal ID:
065btydsljfhsFf81PxYfUZxMhnQiibgFdsZ1rQ5zmaZdp0I9Ufbm9w


ID: 81PxYfUZxMhnQiibgFdsZ1rQ5zmaZdp0I9Ufbm9w (.guvara )

MAC: 34:F6:4B:0D:89:96

Share this post


Link to post
Share on other sites

I have forwarded your ID and MAC to the creator of STOPDecrypter. Either he or myself will contact you if he is able to figure out your decryption key.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, GT500 said:

I have forwarded your ID and MAC to the creator of STOPDecrypter. Either he or myself will contact you if he is able to figure out your decryption key.

Thank you very much, I really appreciate that. And i wish you all the the success to figure out the decryption key.

Share this post


Link to post
Share on other sites

mahmo

In this case, we only help the victims who were attacked by this Ransomware and simplify data collection to Michael (dev STOPDecrypter).  

Now STOP Ransomware is the most active malware and crypto-ransomware. Masshtab of spread - for all countries.

  • Like 1

Share this post


Link to post
Share on other sites

I don't know if that will help or not but i can upload to you a normal  or original file before and after been encrypted to (.guvara)

Share this post


Link to post
Share on other sites

mahmo

A pair of files (encrypted and original) for new versions of STOP Ransomware are not needed.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.