
.sarut extension malware



My PC got caught up with an extension malware .sarut and all my ppt files and txt files are no longer working. All of my project work is like gone. It's seriously very important.

Please help me fix this issue as I can't find any utility with the extension name .sarut to deal with it.

Thank You!


That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter


8 hours ago, Amigo-A said:

Today the STOPDecrypter has been updated with the support of the .sarut extension
https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip 

This is correct, however keep in mind that it will only decrypt a victim's files if they have an offline ID. For anyone with an ID that was generated while the ransomware was connected to its command and control servers, they will have to wait for an alternate solution. Attempting to decrypt files when the decrypter isn't able to find a key for your ID will result in corrupt files.


7 hours ago, GT500 said:

Attempting to decrypt files when the decrypter isn't able to find a key for your ID will result in corrupt files.

Such a nuance was a long time ago. After that, Michael changed the StopDecrypter so that it could not damage the files under any action. :)

There should even be a warning that appears.

 


14 hours ago, Amigo-A said:

Such a nuance was a long time ago. After that, Michael changed the StopDecrypter so that it could not damage the files under any action. :)

I'll talk to him about that, as I was under the impression that files could still be corrupted if someone tried to force STOPDecrypter to use an incorrect decryption key.


3 hours ago, GT500 said:

I'll talk to him about that

Yes, I also want to know about it. For now, I recommend that victims take copies of files for the decryption test (I corrected several messages to make these corrections). According to my observations, the victims are still trying to decrypt the files without this recommendation.


16 hours ago, GT500 said:

I'll talk to him about that, as I was under the impression that files could still be corrupted if someone tried to force STOPDecrypter to use an incorrect decryption key.

I have the same problem with the sarut ransomware and I have set up a new Windows after this problem ... is that a false step !!
Is there any hope for recovering my files !?


20 hours ago, Amigo-A said:

Yes, I also want to know about it.

He said that while he did add detection to try to keep people from using keys that are not correct for their encrypted files, he also said that it is technically still possible to get the decrypter to allow you to enter an incorrect key and end up with corrupted files. Nothing is completely foolproof, after all. ;)


On 5/11/2019 at 7:22 AM, moha said:

... is that a false step !!

Most ransomware will delete itself after encrypting your files.

As for reinstalling Windows, or reformatting a drive with data affected by ransomware, there are cases where this can permanently prevent decryption of files. Fortunately, this is not the case with variants of the STOP/Djvu ransomware, as long as you still have copies of all of your encrypted files and the ransom notes.

 

On 5/11/2019 at 7:22 AM, moha said:

is there any hope for recovering my files !?

Yes, there is hope, however please note that for now you'll have to wait for a little bit before it's possible.

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter
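
An added example, not part of any post in this thread: one way to follow the advice above to keep every encrypted file and ransom note and to run decryption tests only on copies. The function names, the `_readme.txt` note filename and the sample files are assumptions constructed for the illustration; pass the note name actually found on the affected machine.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def stage_copies(src_root, dest_root, enc_ext=".sarut", note_names=("_readme.txt",)):
    """Copy encrypted files and ransom notes to dest_root; return {path: sha256}.
    note_names is an assumption: pass the note filename(s) found on the machine."""
    src_root, dest_root = Path(src_root).resolve(), Path(dest_root).resolve()
    notes = {n.lower() for n in note_names}
    manifest = {}
    for src in sorted(src_root.rglob("*")):
        if dest_root in src.parents or src.is_symlink() or not src.is_file():
            continue  # skip the staging area itself, links and directories
        if src.suffix.lower() != enc_ext.lower() and src.name.lower() not in notes:
            continue  # neither an encrypted file nor a ransom note
        rel = src.relative_to(src_root)
        dst = dest_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # originals are only read, never modified
        digest = sha256_of(src)
        if sha256_of(dst) != digest:
            raise IOError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = digest
    return manifest

def build_sample_tree(root):
    """Constructed sample data: two fake encrypted files, a note, one clean file."""
    root = Path(root)
    (root / "projects").mkdir(parents=True)
    (root / "projects" / "slides.ppt.sarut").write_bytes(b"\x00constructed-1")
    (root / "notes.txt.sarut").write_bytes(b"\x00constructed-2")
    (root / "_readme.txt").write_text("constructed ransom note placeholder")
    (root / "untouched.docx").write_bytes(b"clean file")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src = build_sample_tree(Path(tmp) / "victim")
        for rel, digest in stage_copies(src, Path(tmp) / "staging").items():
            print(digest[:16], rel)
```

Point the decrypter at the staging directory only; the returned hashes let you confirm afterwards that the originals were left unchanged.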


  • 5 months later...

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
