m.fedawi, posted November 13, 2019
Can I ask for the tool that the ransomware makers send once the victim pays? From the video they sent attached, I've noticed that the tool file that they send only needs the key to resolve all infected files. I attached the readme note file. I also have some files both before and after encryption; does it help? As I understand it, I found that the ID is somehow related to the key. I think they have made it with the same programming algorithm, so they have to be encrypting all files with the same key per user. Is that true?
_readme.txt
GT500, posted November 14, 2019
This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
m.fedawi, posted November 14, 2019
Thank you GT500, I appreciate your kind reply and hope you guys find a solution for it soon. So, does anybody have a copy of the ransomware makers' fix tool?
GT500, posted November 15, 2019
18 hours ago, m.fedawi said: "so anybody have a copy of the ransomware makers fix tool?"
We do occasionally get a copy of them. I can assure you that they won't be of any help. The ransomware's command and control servers will generate random public and private keys for each computer that gets infected by STOP/Djvu. Public keys are sent to the ransomware running on the infected computers to be used in encryption, and the private keys (which are required for decryption) are stored in a database on the server and never sent to the infected computers. When someone pays the ransom, they only send the private key for the ID assigned to that victim's computer by the ransomware. This means that the decryption tool sent by the criminals to victims who have paid the ransom is only capable of decrypting files for a single computer.
Galih, posted January 3, 2020
Hi Emsisoft, do you have a decryptor for .meka ransomware? I just uploaded my encrypted file and original file to https://decrypter.emsisoft.com/submit/stopdjvu/. How long until you can update your decryptor? Thanks for your attention. From your customer, Galih
GT500, posted January 4, 2020
23 hours ago, Galih said: "Hi Emsisoft, do you have a decryptor for .meka ransomware? I just uploaded my encrypted file and original file to https://decrypter.emsisoft.com/submit/stopdjvu/. How long until you can update your decryptor?"
This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
Galih, posted January 6, 2020
My ID ends with ME, not t1; it means I have an online ID 😔 So I just have to delete all my data that was encrypted, then start a new life :') Thank you, Emsisoft.
GT500, posted January 7, 2020
On 1/5/2020 at 8:32 PM, Galih said: "So I just have to delete all my data that was encrypted, then start a new life :')"
My recommendation is to make a backup of your encrypted files in case they can be decrypted at some point in the future. Also, feel free to file a report with law enforcement, which will help them better understand the impact of this ransomware and better prioritize their investigation into the criminals behind it: https://www.nomoreransom.org/en/report-a-crime.html