saeed

Emsisoft Decryptor for STOP Djvu

Recommended Posts

You need to check if Microsoft Visual C ++ 2013 Redistributable (or newer) is installed on the your system.

For x64 systems, you must first install the package for x64, then for x86. For x86 systems install only the package for x86. 

It can be installed from here:

https://www.microsoft.com/en-us/download/details.aspx?id=40784

https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads

res.png.c5b07d2f191da7e7447616a15ba7e912.png
Download Image

 

Share this post


Link to post
Share on other sites

Perhaps there are not enough rights. If there are local or group policy restrictions (manual or software settings), then the program will not be able to start.
It can also be a consequence of a viral or trojan infection. What anti-virus protection do you use?

Share this post


Link to post
Share on other sites
On 11/2/2019 at 5:02 AM, saeed said:

software can not run on windows7 sp1 , what to do??please

It should run fine on Windows 7 SP1. It does require a newer version of the .NET framework than ships with Windows 7, and it will require that you install Windows Updates. If the update that adds SHA-2 hash support for Windows 7 is not installed, then not only will our software fail to run on your computer, but any newer software from other companies who have had their SHA-1 code signing certificates expire will also fail to run on your computer.

You can get the latest version of the .NET framework from the following link:
https://dotnet.microsoft.com/download/dotnet-framework

Share this post


Link to post
Share on other sites
On 11/5/2019 at 10:57 AM, GT500 said:

It should run fine on Windows 7 SP1. It does require a newer version of the .NET framework than ships with Windows 7, and it will require that you install Windows Updates. If the update that adds SHA-2 hash support for Windows 7 is not installed, then not only will our software fail to run on your computer, but any newer software from other companies who have had their SHA-1 code signing certificates expire will also fail to run on your computer.

You can get the latest version of the .NET framework from the following link:
https://dotnet.microsoft.com/download/dotnet-framework

Finally, this software worked, but I got this error.
Error: Unable to decrypt file with ID: DUWAvz8BR0S7O1sRPuRYj9bZyB5ly6IROOGhlBDc

Share this post


Link to post
Share on other sites

i am having same problem

 Error: Unable to decrypt file with ID: oFBbal4Jk8pPb3XpvIgz1MjZ4f9frsropT3q0sKV....... what can i do?

is there no way to bring my files back?😭    HELP ME PLZ~!!!:blush:

Share this post


Link to post
Share on other sites

@saeed and @AZAD you both have online ID's. Without knowing whether your files were encrypted by an older or newer variant of STOP/Djvu, I can't tell you whether or not your files will be recoverable. If it's an older variant then you just have to supply file pairs to our submission form. If it's a newer variant, then there's nothing we can do.

The information at the following link should help you determine that:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
On 11/14/2019 at 12:38 PM, GT500 said:

@saeed and @AZAD you both have online ID's. Without knowing whether your files were encrypted by an older or newer variant of STOP/Djvu, I can't tell you whether or not your files will be recoverable. If it's an older variant then you just have to supply file pairs to our submission form. If it's a newer variant, then there's nothing we can do.

The information at the following link should help you determine that:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

sir how can i submit my files ?

Share this post


Link to post
Share on other sites
On 11/16/2019 at 8:54 AM, AZAD said:

sir how can i submit my files ?

You can submit file pairs for our decryption service at the following link:
https://decrypter.emsisoft.com/submit/stopdjvu/

That being said, submitting files with names that end in .derp will not help, as that's a newer variant and its encryption can't be broken. We'd need to actually have the private key for the decrypter to decrypt your files, and right now this is only possible if you have an offline ID and we have already found the private key for that variant.

Share this post


Link to post
Share on other sites

Hello @UMESH VASHISTHA

Thank you for contacting Emsisoft Support.

BBOO is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool.  Despite that, I would like for you to run the STOP/DJVU decryption tool anyway.  That will accomplish a couple of things.  First, it will deactivate and remove any malware that was installed by the ransomware.  This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup.  Second, the decryption tool will determine the ID of the encrypted files.  Any ID ending in t1 is an Offline ID anything else is an Online ID.  This is important as it tells us how the encryption key was generated.  There may be multiple Ids, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection.  An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file.  An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.

Why is this important?  The ID of the file(s) is how private encryption keys are identified.  If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s).  However, this is all contingent on us having a matching private encryption key in our database.  The downside of all this is that we are not currently in possession of private encryption keys for the BBOO variant of STOP/DJVU.

NOTE:  We have added Offline IDs for newer variants of the STOP/DJVU family of ransomware.  If the files were encrypted with an Offline ID that matches the ones in our database, then our decryption tool will be able to decrypt those files.

To Download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

 

Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.