SniperSpider, posted November 1, 2019:

My files have been infected by the NAKW virus. Currently I have 2 drives, C and D, and from what I was able to see the C drive is safe, but a lot of the data in the D drive has been encrypted. I decided to download the decryptor application from Emsisoft and run it for the whole night, but when I checked the next day all of the files were having this error: "Error: The remote name could not be resolved: 'decrypter.emsisoft.com'" and "Error: Access to the path 'C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\BD8225BB-0000-0000-0000-30F974000000-0.bin' is denied." My personal ID doesn't end with ti, it ends with an car.jpg.nakw

SniperSpider, posted November 1, 2019:

Another question: while browsing through how to get rid of NAKW and restore my files, someone said that you should system restore to a date before the infection. I guess I have a good idea when my PC got infected, so is that a good option or will my files still be encrypted?

Amigo-A, posted November 1, 2019:

Hello

Attach also 2-3 encrypted files and the ransom note to your message.

---

Very often, shadow copies of files and recovery points are deleted or may be infected.

SniperSpider, posted November 1, 2019:

Here are some encrypted files. One more thing I noticed: in the D drive I have 6 folders. One is about old PC data, one is for my games and the rest are for each of my family members. Other than the games one, all other folders in the D drive got encrypted (even the games in my folder, but nothing in the game folder was touched).

car.jpg.nakw, _readme.txt, pics.jpg.nakw, abc.html.nakw

GT500, posted November 2, 2019:

This is a newer variant of STOP/Djvu. Since you have an online ID, it won't be possible to recover your files at this time. We recommend making a backup of any encrypted files, as there is a possibility that law enforcement may catch the criminals at some point in the future and release their database of keys for use in a decrypter. You can see more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

SniperSpider, posted November 4, 2019:

Earlier I decided to go to https://wetransfer.com/downloads/397a45aada35a4ddad80d26bf035440320191029100751/3859e1 (the one given in the ransom note stating that it was a vid of decryptor tool overview) and it said files deleted in 5 days. I didn't look much into it, thinking that it was just a scare tactic, and now it says 19 hours. So I guess it means that in 19 hours all the encrypted files are going to be deleted. Any suggestions, or should I just wait for them to be deleted? Luckily all the important files were backed up, just some random stuff wasn't backed up.

Amigo-A, posted November 4, 2019:

Now the situation is different with the new STOP Ransomware variants: .gero, .hese, .xoza, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .noos, .kuub, .reco, .bora, .leto, .nols, .werd, .coot, .derp, .nakw, .meka, .toec.

Most files will never be decrypted. It will take millions of years to advance one step in decryption, but even this does not lead to decryption of files.

To prevent this from happening, you need to better protect your PC and not use any pirated and hacked software. Of course, licensed use is an expensive pleasure, but there are many legitimate analogues of those paid programs that are commonly used around the world.

GT500, posted November 5, 2019:

16 hours ago, SniperSpider said:
"so i guess it means that in 19 hours all the encrypted files are going to be deleted"

I haven't been informed of STOP/Djvu doing this, however even if it does please note that once it's removed from your computer it's completely powerless to do anything to your files. If you want to make sure that it has been removed, then note that Emsisoft Emergency Kit is capable of detecting and removing it: https://www.emsisoft.com/en/home/emergencykit/

SniperSpider, posted November 6, 2019:

On 11/5/2019 at 12:37 PM, GT500 said:
"I haven't been informed of STOP/Djvu doing this, however even if it does please note that once it's removed from your computer it's completely powerless to do anything to your files. If you want to make sure that it has been removed, then note that Emsisoft Emergency Kit is capable of detecting and removing it: https://www.emsisoft.com/en/home/emergencykit/"

Sorry for the wrong info, I read that wrong. By 5 days and 19 hours they meant the video and not my files.

GT500, posted November 7, 2019:

Oh, you mean the file on WeTransfer. It's normal for WeTransfer to delete files after a few days. Their service is intended for one-time file sharing, and they don't keep shared files for more than a week (at least not for free).

If it is a video showing their decrypter working, then its intention is to reassure you that paying the ransom will get your files back. The reality is that even if they send you video "proof", they don't actually have to send you a working decrypter. Granted I would believe the decrypter they send victims does usually work OK, and even if it doesn't then as long as they sent you the correct private key then we can add it to our database for our decrypter. Regardless, we don't recommend paying them money, or even contacting them yourself.

dede, posted December 12, 2019:

File: C:\Autodesk\Revit_2020_G1_Win_64bit_dlm\3rdParty\x86\VCRedist\2012\vcredist_x86.exe.righ
Error: The remote name could not be resolved: 'decrypter.emsisoft.com'

I already use the Emsisoft decryptor but still get the error, sir. Please help me.

GT500, posted December 13, 2019:

20 hours ago, dede said:
"Error: The remote name could not be resolved: 'decrypter.emsisoft.com'"

Make sure the computer is connected to the Internet, and that no security software is blocking the decrypter from connecting to our website.

Andray, posted December 13, 2019:

This is really a disaster ransomware.

GT500, posted December 14, 2019:

12 hours ago, Andray said:
"this is really a disaster ransomware ."

It's certainly not good, but there have been far worse.

demo, posted December 16, 2019 (edited December 16, 2019 by demo):

Error: Unable to decrypt file with ID: ILj8ISAIxiRXs7Ol2l4xMdWdTlPx3IXcTgN61ft1

Reply, how can I decrypt the file?????

GT500, posted December 17, 2019:

12 hours ago, demo said:
"Error : Unable to decrypt file with ID: ILj8ISAIxiRXs7Ol2l4xMdWdTlPx3IXcTgN61ft1"

This is a newer variant of STOP/Djvu. You have an offline ID, so once we can find the decryption key for this variant and add it to our database you should be able to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Marlos, posted January 26, 2020:

All the files in my computer have .topi at the end, can't access them.

Koushik Sarkar, posted January 27, 2020:

Unable to decrypt Old Variant ID: TFWvuXdTDsDlooSdOumAFwqNtV4gkQJtuZg6jIvJ
First 5 bytes: FFD8FFE000

GT500, posted January 28, 2020:

On 1/26/2020 at 2:01 AM, Marlos said:
"All the files in my computer has. topi at the end can't access them"

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

On 1/27/2020 at 1:17 AM, Koushik Sarkar said:
"Unable to decrypt Old Variant ID: TFWvuXdTDsDlooSdOumAFwqNtV4gkQJtuZg6jIvJ First 5 bytes: FFD8FFE000"

Assuming the variant is .nakw then this is a bug in the decrypter causing it to say it's an Old Variant. This is actually a new variant, and this bug has been fixed in version 1.0.0.4, however please note that this bug had no effect on decryption of files and neither will the fix.

Your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Koushik Sarkar, posted January 28, 2020:

Any other way to decrypt a kodc file?

GT500, posted January 29, 2020:

17 hours ago, Koushik Sarkar said:
"Any other way to decrypt kodc file?"

The only way to decrypt is with the private key that was generated when your files were encrypted. This private key is in the possession of the criminals who made/distributed the ransomware, and only they have access to it.

Saravanan, posted May 29, 2020:

Hi, I am unable to decrypt file with ID: 0223yiuduy6S5dHXrY0WMqvNQvSwO4TneG0C9cVMtVYLf0bH8uYft1

How can I decrypt the file????? Could you please help......

ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool: https://we.tl/t-BxcdyO2dt7
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail: [email protected]
Reserve e-mail address to contact us: [email protected]
Your personal ID: 0223yiuduy6S5dHXrY0WMqvNQvSwO4TneG0C9cVMtVYLf0bH8uYft1

GT500, posted May 30, 2020:

15 hours ago, Saravanan said:
"Your personal ID: 0223yiuduy6S5dHXrY0WMqvNQvSwO4TneG0C9cVMtVYLf0bH8uYft1"

This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Manjunath Joshi, posted June 29, 2020:

My personal ID: 0236yiuduy6S5dXfqqeqDOzNxuflACZ2CIVO7ggyvnaCEMc6SvZGuL

Last GuL.. which encrypt software i can use my All Files Converted .MOBA

GT500, posted June 30, 2020:

22 hours ago, Manjunath Joshi said:
"My personal ID: 0236yiuduy6S5dXfqqeqDOzNxuflACZ2CIVO7ggyvnaCEMc6SvZGuL"

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Wellington, posted September 8, 2020:

Hello, yesterday, 6 September 2020, my PC suffered this attack. They encrypted my files with a KASP extension and I can't open them. I am already using the decrypter; I tried offline and it doesn't work, the error THE REMOTE NAME COULD NOT BE RESOLVED appears, and with the internet it says "no key for new variant online ID". Please help me.

GT500, posted September 8, 2020:

3 hours ago, Wellington said:
"Hello, yesterday, 6 September 2020, my PC suffered this attack. They encrypted my files with a KASP extension and I can't open them. I am already using the decrypter; I tried offline and it doesn't work, the error THE REMOTE NAME COULD NOT BE RESOLVED appears, and with the internet it says "no key for new variant online ID". Please help me."

Try following the instructions at the link below to reset your HOSTs file back to default: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

Translation provided by Google:

Try following the instructions at the link below to reset your HOSTs file back to default: https://support.microsoft.com/pt-br/help/972034/how-to-reset-the-hosts-file-back-to-the-default

Ghassan, posted September 9, 2020:

Hello, my ID shows offline. I have the .VARI extension. Every time I use the tool Emsisoft Decryptor for STOP Djvu I receive a message:

Error: The remote name could not be resolved : " decryptor.emsisoft.com"

What do you advise me to do?

GT500, posted September 10, 2020:

21 hours ago, Ghassan said:
"Error: The remote name could not be resolved : " decryptor.emsisoft.com""

Try the instructions at the following link to reset your HOSTS file back to default: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default
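
Before resetting the HOSTS file as advised above, it can be inspected for lines that override DNS for the decrypter's hostname. The PowerShell below is an added example, not part of the original posts or of Emsisoft's tooling; the function name `Get-HostsOverride` and the sample lines are constructed for illustration, and the default Windows hosts path is assumed.

```powershell
# Added example (not from the thread): list hosts-file entries that override a name.
# Assumption: the default Windows hosts location; pass -HostsPath to check another file.
param(
    [string[]]$Names = @('decrypter.emsisoft.com'),
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

function Get-HostsOverride {
    # Hypothetical helper: returns one object per hosts line that pins a watched name.
    param(
        [string[]]$Lines,
        [string[]]$Names
    )
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Everything after '#' is a comment; blank and comment-only lines are skipped.
        $text = ($raw -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        # Entry layout: <address> <name> [<alias> ...], separated by spaces or tabs.
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        foreach ($entry in $fields[1..($fields.Count - 1)]) {
            foreach ($name in $Names) {
                # Hostnames are case-insensitive; hosts entries match whole names only.
                if ($entry -ieq $name) {
                    [pscustomobject]@{
                        Line    = $lineNo
                        Address = $address
                        Name    = $entry
                        Raw     = $raw.Trim()
                    }
                }
            }
        }
    }
}

# Constructed sample lines (not taken from any real machine) to show what is flagged:
# an upper-case entry with a trailing comment, and the name given as a second alias.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '',
    '127.0.0.1       localhost',
    "127.0.0.1`tDECRYPTER.emsisoft.com   # constructed blocking entry",
    '0.0.0.0 example.invalid decrypter.emsisoft.com',
    '# 127.0.0.1 decrypter.emsisoft.com  (commented out, ignored)'
)
'Constructed sample:'
Get-HostsOverride -Lines $sample -Names $Names | Format-Table -AutoSize

# The same check against the machine's own hosts file.
if (Test-Path -LiteralPath $HostsPath) {
    $found = @(Get-HostsOverride -Lines (Get-Content -LiteralPath $HostsPath) -Names $Names)
    if ($found.Count -gt 0) {
        "Entries in ${HostsPath}:"
        $found | Format-Table -AutoSize
    } else {
        "No entry for $($Names -join ', ') in $HostsPath"
    }
} else {
    "Hosts file not found at $HostsPath"
}
```

Any line it reports for the real file is one that the reset procedure in the linked Microsoft article would remove.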

Exercutive, posted September 13, 2020:

I have the same error: the remote name could not be resolved. I have an offline ID but still no luck. Are we to just sit tight and wait?? If yes, when and how do we know things are updated? And also, do I need an internet connection before running the app?? (offline ID)

GT500, posted September 15, 2020:

On 9/13/2020 at 6:10 PM, Exercutive said:
"I have the same error: the remote name could not be resolved."

Please try the instructions at the following link to reset your HOSTS file: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

On 9/13/2020 at 6:10 PM, Exercutive said:
"I have an offline iD but still no luck. Are we to just sit tight and wait??"

We get private keys for offline ID's when a victim with an offline ID pays the ransom and donates their private key to us. When or if that happens isn't predictable. I recommend making a backup of your encrypted files for now, that way you don't have to worry about anything else happening to them while you're waiting for someone to donate the private key for your offline ID to us.

On 9/13/2020 at 6:10 PM, Exercutive said:
"If yes, when and how do we know things are updated."

I recommend running the decrypter once every week or two, and when it starts decrypting files then you'll know we have the private key for your offline ID. It's possible that private keys being added to our database may be mentioned in the STOP ransomware support topic at BleepingComputer, however the vast majority of the posts there are just people asking for help: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

On 9/13/2020 at 6:10 PM, Exercutive said:
"And also, do I need internet connection before running the app??"

Yes, the decrypter will not work without an Internet connection. It must be able to connect to our servers, as all information about ID's and keys are stored in an online database on our servers.

BrunoRenan7, posted November 24, 2020:

.ROGER.sglh [[email protected]]. ROGER.sglh

Erro: Sem chave para nova variante iD on-line: 2YS10B8kWx0NsvXv5vkuv6sCb8kJbXK8GJlVtXj9
Aviso: este ID parece ser um ID online, descriptografia é impossível

Has anyone managed it?

GT500, posted November 25, 2020:

11 hours ago, BrunoRenan7 said:
"Sem chave para nova variante iD on-line: 2YS10B8kWx0NsvXv5vkuv6sCb8kJbXK8GJlVtXj9 Aviso: este ID parece ser um ID online, descriptografia é impossível"

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Translation provided by Google:

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Gio54321, posted December 1, 2020:

This is what the decryptor software shows when I tried to test it on my files:

Error: No key for New Variant online ID: kn8LgHP2mRdsx1e4aMMKSH6hTu4ERHfH8do79YFm
Notice: this ID appears to be an online ID, decryption is impossible

-----

Is this a hopeless case? Are there any ways to recover my files? If not, should I reformat my laptop and delete all files?

My laptop has recently been infected by the .lisp ransomware and I've searched some steps to fix it but it's not working. Well, fortunately, I might have deleted the virus (I think so) but still, my files are encrypted. I might reset the whole system but I have questions.

1. If I connected the unit to the wifi network, will it infect the network or propagate via wifi? I have read one article that the unit must be isolated even by wifi so I really don't know if it will infect the network.
2. I need to recover some of my files. They're very important to me and my career. I'm thinking of uploading them to my drive but will it infect the system or network?
3. I don't have any available external drives as of now, but if I plugged in a flash drive or any drive, will it be infected also?
4. Can my files be recovered??? I'm really hoping they could still be recovered for free.
5. If I reset the unit back to a factory state, will the virus be eradicated?

Hoping for some answers. Thank you.

GT500, posted December 2, 2020:

15 hours ago, Gio54321 said:
"No key for New Variant online ID: kn8LgHP2mRdsx1e4aMMKSH6hTu4ERHfH8do79YFm Notice: this ID appears to be an online ID, decryption is impossible"

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

15 hours ago, Gio54321 said:
"If not, should I reformat my laptop and delete all files?"

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/

15 hours ago, Gio54321 said:
"1. If i connected the unit to the wifi network, will it infect the network or propagate via wifi? I have read one article that the unit must be isolated even by wifi so i really dont know if it will infect the network"

If the ransomware is still running on the computer, it may be capable of encrypting files on network shares. Beyond that, there should be no danger in connecting it to the Internet.

15 hours ago, Gio54321 said:
"2. I need to recover some of my files. They're very important to me and my career. I'm thinking of uploading them to my drive but will in infect the system or network?"

Encrypted files contain no malicious code, and are not capable of infecting another computer.

15 hours ago, Gio54321 said:
"3. I don't have any available external drives as of now, but if plugged in a flash drive or any drive, will it be infected also?"

I am not aware of this particular ransomware spreading via USB flash drives, however Windows has by default had autorun disabled for a long time (more than a decade if I am not mistaken), so this sort of thing will only happen if you manually execute a malicious file that is on a USB flash drive. If you're just browsing files in File Explorer, then there is no danger.

15 hours ago, Gio54321 said:
"5. If i reset the unit back to a factory state, will the virus be eradicated?"

It will reset Windows to defaults, preventing the ransomware from running on startup. Unless it also deletes all data on your computer, then the recovery won't delete the ransomware.

Keep in mind that this ransomware is extremely easy to remove (our decrypter stops it from running), and most Anti-Virus software can detect it. You can run a scan with Emsisoft Emergency Kit (free Anti-Virus scanner for home/personal use) if you want a second opinion: https://www.emsisoft.com/en/home/emergencykit/

Prathamesh Sarjerao Vaidya, posted December 16, 2020:

On 12/13/2019 at 11:40 AM, GT500 said:
"Make sure the computer is connected to the Internet, and that no security software is blocking the decrypter from connecting to our website."

Will this help us in decrypting? Please answer my questions.

GT500, posted December 17, 2020:

12 hours ago, Prathamesh Sarjerao Vaidya said:
"Will this help us in decrypting ? Please answer my questions"

If your files have an offline ID and we have the private key for whatever variant of STOP/Djvu encrypted your files, then yes. Otherwise, all it will tell you is that it can't decrypt your files, and it will tell you the ID each file has and whether it is online or offline.