GT500 593 Report post Posted November 6 That means it's an ID we don't have in our database. This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. however, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Share this post Link to post Share on other sites
mioc 0 Report post Posted November 6 Where can I get an online ID to unlock the decryption? Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted November 7 9 hours ago, mioc said: Where can I get an online ID to unlock the decryption? You can't. ID's are assigned by the ransomware when it encrypts your files. If it can connect to its command and control servers then it asks the servers for a random ID and public key (an online ID and key) for encryption. If it can't connect to its command and control servers, then it uses a built-in ID and public key (and offline ID and key) for encryption. Quote Share this post Link to post Share on other sites
mioc 0 Report post Posted November 8 how do you disconnect the command and control server? please help me to be able to open the lock offline thanks you Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted November 9 8 hours ago, mioc said: how do you disconnect the command and control server? It's too late. Your files are already encrypted. Quote Share this post Link to post Share on other sites
mioc 0 Report post Posted November 10 (edited) I have a problem. error: Remote name could not be resolved: 'decrypter. emisoft.com ' Edited November 12 by GT500 Removed pasted web page. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted November 12 You may need to reset your HOSTS file back to default. Microsoft has information about how to do that at the following link:https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted November 12 There are known methods of malicious attacks when naive recommendations from Microsoft look like game 'Toy Trains'. The 'hosts' file can simply be deleted manually, if the user himself has never used it to ban certain sites. Only after that, the malicious program will not be able to reuse it and will not create a new file. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted November 13 21 hours ago, Amigo-A said: The 'hosts' file can simply be deleted manually, if the user himself has never used it to ban certain sites. Doing this may break some applications that use the HOSTS file for blocking bad websites, however beyond this it shouldn't have any negative side effects, and it is safe to delete the HOSTS file if you aren't using it to block bad websites. Quote Share this post Link to post Share on other sites
