Maz2bi 0 Report post Posted June 1, 2019 Its a variant of .djvu ransomware. I have already used STOP decrypter. It is ineffective against online attack of the virus. Its only decrypts if the virus came from offline resources. Shadow Explorer also failed to produce desired results. Please help me or notify me whenever a solution is there. My business files are encrypted. I am stuck. My business is a standstill. I would be thankful to you all. Sample encrypted files are attached. Mazen Shams CEO, Cunning Paws RVing with Dogs..docx.radman Cunning Paws.pptx.radman Cunning Paws with tagline.png.radman Quote Share this post Link to post Share on other sites
GT500 646 Report post Posted June 3, 2019 Can you run STOPDecrypter again and post the information from the log here? There are instructions at the following link:https://kb.gt500.org/stopdecrypter Quote Share this post Link to post Share on other sites
litumaxa 0 Report post Posted June 3, 2019 [+] Loaded 36 offline keys Selected directory: F:\LITU\MY PIC Starting decryption... [+] File: F:\LITU\MY PIC\FG1A7056.jpg.radman [-] No key for ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman ) [+] File: F:\LITU\MY PIC\FG1A7102.JPG.radman [-] No key for ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman ) Decrypted 0 files! Skipped 2 files. [!] No keys were found for the following IDs: [*] ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 40:8D:5C:BD:CD:B8 This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
GT500 646 Report post Posted June 4, 2019 20 hours ago, litumaxa said: [-] No key for ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman ) That looks like an offline ID. Unfortunately the maker of STOPDecrypter still doesn't have the offline key for the .radman variant of STOP/Djvu. Do you mind if we check to see if there's a copy of it on your computer? We can check with FRST. You can find instructions for downloading and running FRST at the following link:https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning. Quote Share this post Link to post Share on other sites
GT500 646 Report post Posted October 19, 2019 We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quote Share this post Link to post Share on other sites
.thumb.JPG.89460834602ae9127ef5e8769df9ae44.JPG)