hiral 0 Report post Posted July 21, 2019 Hello, Today my PC infected with ransomware and the file got encrypted with extension .gusua. Please help me with files how do i access my files.Please help... Thank you. Quote Share this post Link to post Share on other sites
Amigo-A 124 Report post Posted July 21, 2019 Quote extension .gusau Hello @Dheeraj This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .gusau extension is added to encrypted files. If this is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter Quote Share this post Link to post Share on other sites
Dheeraj 0 Report post Posted July 21, 2019 no it did not work Quote Share this post Link to post Share on other sites
Amigo-A 124 Report post Posted July 21, 2019 Attach a ransom note _readme.txt to your message. Do not change anything. This should be the original. Quote Share this post Link to post Share on other sites
arifinritonga 0 Report post Posted July 22, 2019 ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-JBwR4re7bR Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @datarestore Mark Data Restore Your personal ID: 119Asd3768237IhsdfkJ1gULNhQ2LQSxjDn4VT9YiYooR7tH2nl7UxFuvq Quote Share this post Link to post Share on other sites
fandisoraja 0 Report post Posted July 23, 2019 my pc infected gusau ransomware, can someone help me? lampiran hukum online.xlsx.gusau Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted July 23, 2019 On 7/21/2019 at 1:36 PM, Dheeraj said: no it did not work What didn't work? 1 hour ago, fandisoraja said: my pc infected gusau ransomware, can someone help me? That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:https://id-ransomware.malwarehunterteam.com/ While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it. Quote Share this post Link to post Share on other sites
GT500 788 Report post Posted October 19, 2019 We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quote Share this post Link to post Share on other sites
