Sami7264 0 Report post Posted October 21 I got attacked by STOP Djvu ransomeware after installing a software from online.. My files are encrypted with '.werd' extension. Maybe this is the new variant. Please help me. Will I be ever able to recover my files? I don't want them now. I just want to know maybe in the future will i be able to recover? if there is any expert, please let me know.And tell me what to do in this situation. Should i make backups of those encrypted files? I changed my passwords of various accounts. Cleared my browser. And stopped the cleanup software.I have submitted the source file to EMSISOFT. Quote Share this post Link to post Share on other sites
sakurock 0 Report post Posted October 21 (edited) Sama ka minuga Minu failid on krüptitud laiendiga .werd. sorry, my mistake Same with me. My files are encrypted with the .werd extension. hiiu kaubamaja.jpg.werd _readme.txt Edited October 21 by sakurock Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted October 21 Hello It will be better if you be use the Google translator to translate into English. https://translate.google.com/ Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted October 21 .werd - this is new variant of STOP Ransomware At the moment, the new decryptor does not support new variants for which keys and decryption methods are not found. Perhaps this will change soon. Quote Share this post Link to post Share on other sites
Demonslay335 12 Report post Posted October 24 With it being New Djvu, your files will only be decryptable for free if they were encrypted by the offline key once we acquire it. If the decryptor reports your files have the ID ZioGB1sCYacbrJajtnJKEUKt6xYM3QPgwAPNAwt1, then they were encrypted by the offline key, and thus possibly decryptable in the future. Otherwise, it is an online key, and there is nothing we will be able to do to help since only the criminals have your online key(s). Quote Share this post Link to post Share on other sites