Can I ask for the tool that ransomware makers send once the victim pays?

As in the video they sent attached, I've noticed that the tool file that they send only needs the key to resolve all infected files.

I attached the readme note file. I also have some files both before and after encryption; does it help?


As I understand it, I found that the ID is somehow related to the key. I think they have made it with the same programming algorithm, so they have to be encrypting all files with the same key per user. Is that true?


18 hours ago, m.fedawi said:

So anybody have a copy of the ransomware makers' fix tool?

We do occasionally get a copy of them. I can assure you that they won't be of any help. The ransomware's command and control servers will generate random public and private keys for each computer that gets infected by STOP/Djvu. Public keys are sent to the ransomware running on the infected computers to be used in encryption, and the private keys (which are required for decryption) are stored in a database on the server and never sent to the infected computers.

When someone pays the ransom, they only send the private key for the ID assigned to that victim's computer by the ransomware. This means that the decryption tool sent by the criminals to victims who have paid the ransom is only capable of decrypting files for a single computer.

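The key handling described in the reply above, modelled as an added example that is not part of the thread and is not Emsisoft's or the ransomware's code. It assumes textbook RSA with tiny constructed primes as a stand-in for the unspecified public-key scheme; the IDs, the `KeyServer` class and the secret values are hypothetical.

```python
# Added illustration: why a decryptor keyed for one victim ID is useless on another PC.
# Textbook RSA with tiny constructed primes stands in for the real scheme (assumption).

E = 17  # public exponent shared by both constructed key pairs


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for the two given primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


class KeyServer:
    """Models the server side from the post: one key pair per infected computer."""

    def __init__(self):
        self._private_by_id = {}  # private keys stay here, indexed by victim ID

    def register(self, victim_id, p, q):
        public, private = make_keypair(p, q)
        self._private_by_id[victim_id] = private
        return public  # only the public half is sent to the infected computer

    def release(self, victim_id):
        # What a paying victim receives: the private key for that one ID only.
        return self._private_by_id[victim_id]


def wrap(public, secret):
    n, e = public
    return pow(secret, e, n)


def unwrap(private, wrapped):
    n, d = private
    return pow(wrapped, d, n)


def demo():
    server = KeyServer()
    pub_a = server.register("ID-A", 61, 53)  # constructed victim A
    pub_b = server.register("ID-B", 89, 97)  # constructed victim B
    secret_a, secret_b = 1234, 7777  # stand-ins for each computer's protected secret
    wrapped_a, wrapped_b = wrap(pub_a, secret_a), wrap(pub_b, secret_b)
    tool_key = server.release("ID-A")  # key inside the tool sent to victim A
    return {
        "a_recovers_own": unwrap(tool_key, wrapped_a) == secret_a,
        "a_tool_on_b": unwrap(tool_key, wrapped_b) == secret_b,
    }
```
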
  • 1 month later...
23 hours ago, Galih said:

Hi Emsisoft, do you have a decryptor for .meka ransomware? I'm just uploading my encrypted file and original file to https://decrypter.emsisoft.com/submit/stopdjvu/. How long until you can update your decryptor?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:

On 1/5/2020 at 8:32 PM, Galih said:

So, I just have to delete all my data that is encrypted, then start a new life :')

My recommendation is to make a backup of your encrypted files in case they can be decrypted at some point in the future. Also, feel free to file a report with law enforcement, which will help them better understand the impact of this ransomware and better prioritize their investigation into the criminals behind it:
