SniperSpider

My files are encrypted by Nakw.

By SniperSpider, in Help, my files are encrypted!

Recommended Posts

SniperSpider    0

SniperSpider
Posted

My files have being infected by NAKW virus. currently i have 2 drives C and D and from what i was able to see the C drive is safe but a lot of the data in D drive has been encrypted. i decided to download the decryptor application from emsisoft and decided to run it for the whole night but when i check the next day all of the files were having this error"Error: The remote name could not be resolved: 'decrypter.emsisoft.com'"and"Error: Access to the path 'C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\BD8225BB-0000-0000-0000-30F974000000-0.bin' is denied.". my personal id doesnt end with ti it ends with an

car.jpg.nakw

Share this post

Link to post
Share on other sites

SniperSpider    0

SniperSpider
Posted

another question while browsing through how to get rid of nakw and restore my files someone said that u should system restore to a date before the infection i guess i have a good idea when my pc got infected so is that a good option or will my files still be encrypted

Share this post

Link to post
Share on other sites

Amigo-A    109

Amigo-A
Posted

Hello

Attach also 2-3 encrypted files and the ransom note to your message.

---

Very often, shadow copies of files and recovery points are deleted or may be infected.

Share this post

Link to post
Share on other sites

SniperSpider    0

SniperSpider
Posted

here are some encrypted files. one more thing i noticed in d drive i have 6 folders. one is about old pc data one is for my games and rest is for each of my family member. other than games one all other folders in d drive got encrypted(even the games in my folder but nothing in the game folder was touched)

car.jpg.nakw _readme.txt pics.jpg.nakw abc.html.nakw

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted

This is a newer variant of STOP/Djvu. Since you have an online ID, it won't be possible to recover your files at this time. We recommend making a backup of any encrypted files, as there is a possibility that law enforcement may catch the criminals at some point in the future and release their database of keys for use in a decrypter.

You can see more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

SniperSpider    0

SniperSpider
Posted

earlier i decided to go to the https://wetransfer.com/downloads/397a45aada35a4ddad80d26bf035440320191029100751/3859e1 (the one given in the ransom note stating that it was a vid of decrytor tool overview) and it said files deleted in 5 days. i didnt look much into it thinking that it was just a scare tactic and now it says 19 hours. so i guess it means that in 19 hours all the encrypted files are going to be deleted so any suggestions or should i just wait for them to be deleted. luckily all the important files were backed up just some random stuff wasnt backed up.

Share this post

Link to post
Share on other sites

Amigo-A    109

Amigo-A
Posted

Now the situation is different with the new STOP Ransomware variants:
.gero, .hese , .xoza, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .noos, .kuub, .reco, .bora, .leto, .nols, .werd, .coot, .derp, .nakw, .meka, .toec,

Most files will never be decrypted. It will take millions of years to advance one step in decryption, but even this does not lead to decryption of files.

To prevent this from happening, you need to better protect your PC and not use any pirated and hacked software. 

Of course, licensed use is an expensive pleasure, but there are many legitimate analogues of those paid programs that are commonly used around the world.

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted
16 hours ago, SniperSpider said:

so i guess it means that in 19 hours all the encrypted files are going to be deleted

I haven't been informed of STOP/Djvu doing this, however even if it does please note that once it's removed from your computer it's completely powerless to do anything to your files.

If you want to make sure that it has been removed, then note that Emsisoft Emergency Kit is capable of detecting and removing it:
https://www.emsisoft.com/en/home/emergencykit/

Share this post

Link to post
Share on other sites

SniperSpider    0

SniperSpider
Posted
On 11/5/2019 at 12:37 PM, GT500 said:

I haven't been informed of STOP/Djvu doing this, however even if it does please note that once it's removed from your computer it's completely powerless to do anything to your files.

If you want to make sure that it has been removed, then note that Emsisoft Emergency Kit is capable of detecting and removing it:
https://www.emsisoft.com/en/home/emergencykit/

sorry for wrong info i read that wrong. by 5 days and 19 hours they meant the video and not my files

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted

Oh, you mean the file on WeTransfer. It's normal for WeTransfer to delete files after a few days. Their service is intended for one-time file sharing, and they don't keep shared files for more than a week (at least not for free).

If it is a video showing their decrypter working, then its intention is to reassure you that paying the ransom will get your files back. The reality is that even if they send you video "proof", they don't actually have to send you a working decrypter. Granted I would believe the decrypter they send victims does usually work OK, and even if it doesn't then as long as they sent you the correct private key then we can add it to our database for our decrypter. Regardless, we don't recommend paying them money, or even contacting them yourself.

Share this post

Link to post
Share on other sites

dede    0

dede
Posted

File: C:\Autodesk\Revit_2020_G1_Win_64bit_dlm\3rdParty\x86\VCRedist\2012\vcredist_x86.exe.righ
Error: The remote name could not be resolved: 'decrypter.emsisoft.com'

 

I already use emsisoft descryptor but still error sir. please help me

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted
20 hours ago, dede said:

Error: The remote name could not be resolved: 'decrypter.emsisoft.com'

Make sure the computer is connected to the Internet, and that no security software is blocking the decrypter from connecting to our website.

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted
12 hours ago, Andray said:

this is really a disaster ransomware .

It's certainly not good, but there have been far worse.

Share this post

Link to post
Share on other sites

demo    0

demo
Posted (edited)

Error Unable to decrypt file with ID: ILj8ISAIxiRXs7Ol2l4xMdWdTlPx3IXcTgN61ft1
 

Replay How Can I Decrypt File?????

Edited by demo

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted
12 hours ago, demo said:

Error Unable to decrypt file with ID: ILj8ISAIxiRXs7Ol2l4xMdWdTlPx3IXcTgN61ft1

This is a newer variant of STOP/Djvu. You have an offline ID, so once we can find the decryption key for this variant and add it to our database you should be able to recover your files.There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted
On 1/26/2020 at 2:01 AM, Marlos said:

All the files in my computer has. topi at the end can't access them

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

On 1/27/2020 at 1:17 AM, Koushik Sarkar said:

Unable to decrypt Old Variant ID: TFWvuXdTDsDlooSdOumAFwqNtV4gkQJtuZg6jIvJ
First 5 bytes: FFD8FFE000

Assuming the variant is .nakw then this is a bug in the decrypter causing it to say it's an Old Variant. This is actually a new variant, and this bug has been fixed in version 1.0.0.4, however please note that this bug had no effect on decryption of files and neither will the fix. Your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted
17 hours ago, Koushik Sarkar said:

Any other way to decrypt kodc file?

The only way to decrypt is with the private key that was generated when your files were encrypted. This private key is in the possession of the criminals who made/distributed the ransomware, and only they have access to it.

Share this post

Link to post
Share on other sites

Saravanan    0

Saravanan
Posted

Hi,

I am Unable to decrypt file with ID: 0223yiuduy6S5dHXrY0WMqvNQvSwO4TneG0C9cVMtVYLf0bH8uYft1  

How Can I Decrypt File?????

Could you please help......

 

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-BxcdyO2dt7
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0223yiuduy6S5dHXrY0WMqvNQvSwO4TneG0C9cVMtVYLf0bH8uYft1

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted
15 hours ago, Saravanan said:

Your personal ID:
0223yiuduy6S5dHXrY0WMqvNQvSwO4TneG0C9cVMtVYLf0bH8uYft1

This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

GT500    760

GT500
Posted
22 hours ago, Manjunath Joshi said:

My personal ID:
0236yiuduy6S5dXfqqeqDOzNxuflACZ2CIVO7ggyvnaCEMc6SvZGuL

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.