manjunath

Files got encrypted with DERP extension

Recommended Posts

Sir

I tried to decrypt the file with latest STOP djvu tool and got the below message. Please advice how to Decrypt the the file.

Starting...

File: D:\AIMSR\backupsettings.conf.derp
Error: Unable to decrypt file with ID: lTKcWFGiMexfflgVI8Wexen2feaqqthjrJKGlIdv

Finished!
 

Share this post


Link to post
Share on other sites
13 hours ago, manjunath said:

Sir

I tried to decrypt the file with latest STOP djvu tool and got the below message. Please advice how to Decrypt the the file.

Starting...

File: D:\AIMSR\backupsettings.conf.derp
Error: Unable to decrypt file with ID: lTKcWFGiMexfflgVI8Wexen2feaqqthjrJKGlIdv

Finished!
 

I have read the following article :

Based on that article , I understand that we have to make an encrypted backup on a CLOUD storage driver for our safety. Then , we have to wait for new solutions and updates for removing and decrypting the .derp files.

  • Like 1

Share this post


Link to post
Share on other sites

@manjunath and @Baliitsolutions this is a newer variant of STOP/Djvu, and both of you have online ID's, which means that there is currently no way to recover your files. We recommend making a backup of any encrypted files and waiting, as it is possible that law enforcement may catch the criminals at some point and release their database of keys for use in decrypters.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  • Like 1

Share this post


Link to post
Share on other sites
6 hours ago, GT500 said:

@manjunath and @Baliitsolutions this is a newer variant of STOP/Djvu, and both of you have online ID's, which means that there is currently no way to recover your files. We recommend making a backup of any encrypted files and waiting, as it is possible that law enforcement may catch the criminals at some point and release their database of keys for use in decrypters.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Hello Employer EMNISOFT GT500 ,

  I want to ask you if we can track the ip and the e-mail ransomwares.

I am Graduate of Computer Science in T.E.I. THESSALY of GREECE.  So , I found the IP of a past invasion at a system of Company "EUROPEAN CAR CENTRAL" on VOLOS using tracking models and softwares in the case of my work at JUNE 2019.

May I help you in this direction?

 

I will help you for releasing their databases keys.

 

Have a nice weekend ,

 

  Pavlos Pseftoyiannis

Share this post


Link to post
Share on other sites

Now the situation is different with the new STOP Ransomware variants:
.gero, .hese , .xoza, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .noos, .kuub, .reco, .bora, .leto, .nols, .werd, .coot, .derp, .nakw, .meka, .toec,

Most files will never be decrypted. It will take millions of years to advance one step in decryption, but even this does not lead to decryption of files.

To prevent this from happening, you need to better protect your PC and not use any pirated and hacked software. 

Of course, licensed use is an expensive pleasure, but there are many legitimate analogues of those paid programs that are commonly used around the world.

Share this post


Link to post
Share on other sites
On 11/2/2019 at 6:57 AM, PavlosP1987 said:

I want to ask you if we can track the ip and the e-mail ransomwares.

We know the IP's the criminals have used for their command and control servers (they actually do keep them protected), and there is no need to track IP's as STOP/Djvu infections normally come from pirated software (or fake music and movie downloads) rather than from RDP compromise or something similar.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.