My PC got caught up with an extension malware .sarut and all my ppt files and txt files are no longer working. All of my project work is like gone. It's seriously very important.

Please help me fix this issue as I can't find any utility with the extension name .sarut to deal with it.

Thank You!

Screenshot (6).png

It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware, at the site linked here, so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like one of our experts to review them.

hellhound08

Upload the ransom note _readme.txt here.

 

This is a new variant of STOP Ransomware.

There is a STOP Decrypter, but official support for this variant has not yet been reported.

It is the weekend now. Wait for a response from the support service soon.

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

8 hours ago, Amigo-A said:

Today the STOPDecrypter has been updated with the support of the .sarut extension
https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip 

This is correct, however keep in mind that it will only decrypt a victim's files if they have an offline ID. For anyone with an ID that was generated while the ransomware was connected to its command and control servers, they will have to wait for an alternate solution. Attempting to decrypt files when the decrypter isn't able to find a key for your ID will result in corrupt files.

7 hours ago, GT500 said:

Attempting to decrypt files when the decrypter isn't able to find a key for your ID will result in corrupt files.

Such a nuance was a long time ago. After that, Michael changed the StopDecrypter so that it could not damage the files under any action. :)

A warning should even appear.

 

README.txt

14 hours ago, Amigo-A said:

Such a nuance was a long time ago. After that, Michael changed the StopDecrypter so that it could not damage the files under any action. :)

I'll talk to him about that, as I was under the impression that files could still be corrupted if someone tried to force STOPDecrypter to use an incorrect decryption key.

3 hours ago, GT500 said:

I'll talk to him about that

Yes, I also want to know about it. For now, I recommend that victims take copies of files for the decryption test (I corrected several messages to make these corrections). According to my observations, the victims are still trying to decrypt the files without this recommendation.

16 hours ago, GT500 said:

I'll talk to him about that, as I was under the impression that files could still be corrupted if someone tried to force STOPDecrypter to use an incorrect decryption key.

I have the same problem with the sarut ransomware and I have set up a new Windows after this problem ... is that a false step?!
Is there any hope of recovering my files?!

20 hours ago, Amigo-A said:

Yes, I also want to know about it.

He said that while he did add detection to try to keep people from using keys that are not correct for their encrypted files, he also said that it is technically still possible to get the decrypter to allow you to enter an incorrect key and end up with corrupted files. Nothing is completely foolproof, after all. ;)

19 hours ago, GT500 said:

Nothing is completely foolproof, after all.

Yes. Caution does not hurt.

Thank you! 

Please help.
I have the same problem with the sarut ransomware and I have set up a new Windows after this problem ... is that a false step?!
Is there any hope of recovering my files?!

On 5/11/2019 at 7:22 AM, moha said:

... is that a false step !!

Most ransomware will delete itself after encrypting your files.

As for reinstalling Windows, or reformatting a drive with data affected by ransomware, there are cases where this can permanently prevent decryption of files. Fortunately, this is not the case with variants of the STOP/Djvu ransomware, as long as you still have copies of all of your encrypted files and the ransom notes.

 

On 5/11/2019 at 7:22 AM, moha said:

is there any hope for recovering my files !?

Yes, there is hope, however please note that for now you'll have to wait for a little bit before it's possible.

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

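Two points made in this thread, taking copies of files before a decryption test and keeping all encrypted files and ransom notes when reinstalling Windows, call for the same preparation step. The following is an added example, not part of the original posts and not code from Emsisoft or STOPDecrypter: it copies every `.sarut` file and `_readme.txt` note to a separate location and records SHA-256 hashes so that a later change to the preserved copies can be detected. The function names and the backup layout are assumptions made for illustration.

```python
import hashlib
import shutil
import sys
from pathlib import Path

ENCRYPTED_SUFFIX = ".sarut"   # extension named in this thread
RANSOM_NOTE = "_readme.txt"   # ransom note name mentioned in this thread


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve(source, backup):
    """Copy encrypted files and ransom notes; return {relative path: sha256}."""
    source, backup = Path(source).resolve(), Path(backup).resolve()
    manifest = {}
    for item in sorted(source.rglob("*")):
        # Skip directories and anything already inside the backup folder.
        if not item.is_file() or backup in item.parents:
            continue
        if item.suffix.lower() != ENCRYPTED_SUFFIX and item.name != RANSOM_NOTE:
            continue
        rel = item.relative_to(source)
        dest = backup / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(item, dest)          # copy only; originals are untouched
        digest = sha256_of(item)
        if sha256_of(dest) != digest:     # verify the copy before trusting it
            raise OSError(f"copy does not match original: {rel}")
        manifest[rel.as_posix()] = digest
    return manifest


def changed_since(backup, manifest):
    """Return preserved files that are missing or no longer match the manifest."""
    changed = []
    for rel, digest in manifest.items():
        copy = Path(backup) / rel
        if not copy.is_file() or sha256_of(copy) != digest:
            changed.append(rel)
    return changed


if __name__ == "__main__":
    print(f"preserved {len(preserve(sys.argv[1], sys.argv[2]))} files")
```

Point the backup at a drive other than the affected one, and run any decryption test against a second copy so the preserved set stays unchanged.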

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
