Good Day,

Yesterday, 17 November 2019, my PC was infected by .grod ransomware.

I have uploaded readme.txt and an encrypted file sample to EMSISOFT.

Is there any possibility for EMSISOFT to help me recover all infected files on my PC?

In readme.txt:

Your personal ID:
0183Asd374y5iuhldN3ciuQQTPo2ZnFc6q7a5IEFR7ENxftWAP1OF11QZ

Kindest regards,

Andri

Just yesterday, I had the same problem as you!!! All of my files are coded with .grod 😭

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-7YSRbcuaMa
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0183Asd374y5iuhldDoXEmzjFbDvMZLlwVLWYrKIANkd5PHkHC4Lzysu7

I also received the same type of infection.

However, my ID ends with t1.

Here is my ransom note:

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-7YSRbcuaMa
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0183Asd374y5iuhldiZ1FTeiW8COdbYDg0LHDvOexxHtIkmkP2tleMnt1

19 hours ago, Amigo-A said:

This is a new variant of STOP-Djvu Ransomware + the version numbers

There are many variants, but they all have a common problem: only files that were encrypted offline can be decrypted, and this is not possible immediately, but only after the key database is updated. You need to wait some days.

I find that the files located in "computer>D:>Program Files>WeiChat>WeChat Files>myWeChatAccount>Files" are good! All of these files can be opened! PS: WeiChat is an app like MSN.

I hope this situation can help us decrypt this virus.

5 hours ago, lianghu said:

I find that the files located in "computer>D:>Program Files>WeiChat>WeChat Files>myWeChatAccount>Files" are good! All of these files can be opened! PS: WeiChat is an app like MSN.

I hope this situation can help us decrypt this virus.

You mean all the files are recovered?

14 minutes ago, Humaidi Rizqi A.S. said:

You mean all the files are recovered?

No no no, they were just not encrypted. Maybe the virus failed to encrypt these files (a bug exists in the virus?). I want to offer this information to the experts in order to help them decrypt this virus.

@Andri R Fattah and @lianghu This is a newer variant of STOP/Djvu, and your IDs are online IDs, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

@Humaidi Rizqi A.S. your ID is an offline ID. Once we find the private key for .grod we'll add it to our database, and then our decrypter should be able to recover your files. You can see more information at the same link (it should cover most common questions).

1 hour ago, GT500 said:

@Andri R Fattah and @lianghu This is a newer variant of STOP/Djvu, and your IDs are online IDs, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

@Humaidi Rizqi A.S. your ID is an offline ID. Once we find the private key for .grod we'll add it to our database, and then our decrypter should be able to recover your files. You can see more information at the same link (it should cover most common questions).

That means, even if the private key for .grod has been obtained and added to the database, the newest decrypter cannot decrypt my files (because it's an online ID)? 😭

10 hours ago, lianghu said:

That means, even if the private key for .grod has been obtained and added to the database, the newest decrypter cannot decrypt my files (because it's an online ID)? 😭

Correct. When STOP/Djvu can connect to its command and control servers, the servers will generate unique public and private keys for your ID. The public key is then used to encrypt files, and the private key is kept on the server. Since newer versions of STOP/Djvu use a form of RSA encryption which is secure against attacks, this ensures that the only way to decrypt the files is for victims to pay the ransom.

Offline IDs and public keys are used by STOP/Djvu when it can't connect to its command and control servers, and are the same for every computer infected by the same variant of STOP/Djvu. This is why one private key can be used to decrypt any files which have an offline ID, once we find the private key and add it to our database.

4 hours ago, GT500 said:

Correct. When STOP/Djvu can connect to its command and control servers, the servers will generate unique public and private keys for your ID. The public key is then used to encrypt files, and the private key is kept on the server. Since newer versions of STOP/Djvu use a form of RSA encryption which is secure against attacks, this ensures that the only way to decrypt the files is for victims to pay the ransom.

Offline IDs and public keys are used by STOP/Djvu when it can't connect to its command and control servers, and are the same for every computer infected by the same variant of STOP/Djvu. This is why one private key can be used to decrypt any files which have an offline ID, once we find the private key and add it to our database.

Thanks for your detailed answer.

I'm afraid that if I pay the ransom, they won't give the key to me either 😰

23 hours ago, lianghu said:

I'm afraid that if I pay the ransom, they won't give the key to me either 😰

There's always that possibility; however, I would believe that the criminals behind STOP/Djvu have been reasonably good about giving victims working decryption tools and private keys when they pay.

On 11/19/2019 at 8:34 PM, GT500 said:

@Andri R Fattah and @lianghu This is a newer variant of STOP/Djvu, and your IDs are online IDs, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

@Humaidi Rizqi A.S. your ID is an offline ID. Once we find the private key for .grod we'll add it to our database, and then our decrypter should be able to recover your files. You can see more information at the same link (it should cover most common questions).

When can I expect you guys to come up with the .grod decrypter for offline keys? Thank you for the reply and response!

17 hours ago, Humaidi Rizqi A.S. said:

When can I expect you guys to come up with the .grod decrypter for offline keys? Thank you for the reply and response!

No separate decrypter will be made.

For offline IDs, we can simply add the keys to our database as soon as we find them, and then the decrypter will be able to use them. The database is on our servers, so no updates to the decrypter are needed.

For online IDs, since we currently have no way of obtaining the private keys for these, we can't add them to our database.

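The key scheme GT500 lays out in the two replies above (per-victim RSA key pairs minted by the command and control server when the sample is online, one hard-coded key pair shared by every offline victim of the same build, and a decrypter that consults a server-side key database), as an added example written for this page. It is not the malware's code and not Emsisoft's decrypter. The textbook RSA at demo key sizes, the hash-based stream cipher standing in for the malware's file cipher, the per-file key layout and all class and function names are assumptions; the ID layout follows the IDs quoted in this thread, where the one ID that ends in t1 is the offline one.

```python
import hashlib
import os
import secrets

ID_PREFIX = "0183Asd374y5iuhld"   # shared prefix of every ID quoted in the thread
OFFLINE_SUFFIX = "t1"             # offline IDs end in "t1", as Humaidi's does above

def is_offline_id(personal_id: str) -> bool:
    """Offline IDs are fixed per variant; online IDs are minted per victim by the C2."""
    return personal_id.endswith(OFFLINE_SUFFIX)

# Textbook RSA at demo key sizes and without padding: a stand-in for the malware's RSA.
def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                      # Miller-Rabin
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, full width
        if _is_probable_prime(candidate):
            return candidate

def rsa_keygen(bits: int = 512):
    """Return ((n, e), (n, d)); n is wide enough to wrap a 32-byte file key."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                   # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _xor_stream(data: bytes, key: bytes) -> bytes:
    """Hash-counter keystream XOR: a stand-in for the malware's per-file stream cipher (assumption)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class C2Server:
    """The criminals' server: one RSA key pair per victim; the private half never leaves it."""
    def __init__(self):
        self.private_keys = {}

    def register_victim(self):
        pub, priv = rsa_keygen()
        pid = ID_PREFIX + hashlib.sha256(os.urandom(16)).hexdigest()[:40]   # hex never ends in "t1"
        self.private_keys[pid] = priv
        return pid, pub

class Variant:
    """One build (e.g. .grod): its offline public key is hard-coded and shared by all its offline victims."""
    def __init__(self, ext: str, c2: C2Server):
        self.ext, self.c2 = ext, c2
        self.offline_pub, self.offline_priv = rsa_keygen()        # priv stays with the criminals
        self.offline_id = ID_PREFIX + hashlib.sha256(ext.encode()).hexdigest()[:38] + OFFLINE_SUFFIX

    def encrypt_files(self, files: dict, c2_reachable: bool) -> dict:
        """Random key per file, wrapped with whichever public key the sample could obtain."""
        pid, (n, e) = self.c2.register_victim() if c2_reachable else (self.offline_id, self.offline_pub)
        out = {}
        for name, plaintext in files.items():
            file_key = os.urandom(32)
            out[f"{name}.{self.ext}"] = {"data": _xor_stream(plaintext, file_key),
                                         "wrapped_key": pow(int.from_bytes(file_key, "big"), e, n),
                                         "id": pid}
        return out

def decrypter(encrypted: dict, key_db: dict) -> dict:
    """Vendor-decrypter model: key_db maps known offline IDs to recovered private keys; online-ID files are skipped."""
    recovered = {}
    for name, blob in encrypted.items():
        if not is_offline_id(blob["id"]) or blob["id"] not in key_db:
            continue
        n, d = key_db[blob["id"]]
        file_key = pow(blob["wrapped_key"], d, n).to_bytes(32, "big")
        recovered[name] = _xor_stream(blob["data"], file_key)
    return recovered

def demo():
    """Three victims of one build: one infected with the C2 reachable, two offline (constructed data)."""
    c2 = C2Server()
    grod = Variant("grod", c2)
    files = {"photo.jpg": b"constructed sample file contents"}
    online, off_a, off_b = (grod.encrypt_files(files, c2_reachable=r) for r in (True, False, False))
    key_db = {grod.offline_id: grod.offline_priv}   # the day someone finds the .grod offline key
    return decrypter(online, key_db), decrypter(off_a, key_db), decrypter(off_b, key_db)
```

Running demo() shows the asymmetry GT500 describes: the online victim's result comes back empty even with the .grod offline key in the database, because the only copy of that victim's private key sits on the C2, while both offline victims' files decrypt with the same single private key. That is why one recovered key per variant is enough for every offline ID, and why no database can ever hold the online ones.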

My computer was also attacked by .grod ransomware.

My personal ID is 0183Asd374y5iuhldkvvsBRXP42W05Xatm50JKePC82TAS5SpmCyPDOAg.

Is it possible to decrypt the files using STOP Djvu???

20 hours ago, Raja said:

My personal ID is 0183Asd374y5iuhldkvvsBRXP42W05Xatm50JKePC82TAS5SpmCyPDOAg.

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
