Infected with werd.extension ransomware (STOP Djvu)

Recommended Posts

I got attacked by STOP Djvu ransomeware after installing a software from online.. My files are encrypted with '.werd' extension. Maybe this is the new variant. Please help me. Will I be ever able to recover my files? I don't want them now. I just want to know maybe in the future will i be able to recover?  if there is any expert, please let me know.And tell me what to do in this situation. Should i make backups of those encrypted files? I changed my passwords of various accounts. Cleared my browser. And stopped the cleanup software.I have submitted the source file to EMSISOFT.

Share this post

Link to post
Share on other sites

With it being New Djvu, your files will only be decryptable for free if they were encrypted by the offline key once we acquire it.

If the decryptor reports your files have the ID ZioGB1sCYacbrJajtnJKEUKt6xYM3QPgwAPNAwt1, then they were encrypted by the offline key, and thus possibly decryptable in the future. Otherwise, it is an online key, and there is nothing we will be able to do to help since only the criminals have your online key(s).

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.