Sign in to follow this  
Ducky

Ransomware

Recommended Posts

all my file is lock with (.zobm)

Result:

We have identified "STOP (Djvu)". This ransomware is decryptable! This ransomware is still under analysis. This ransomware may be decryptable under certain circumstances. This ransomware is not decryptable!

Please refer to the appropriate topic for more information. Samples of encrypted files and suspicious files may be needed for continued investigation.

Please refer to the appropriate guide for more information.

Identified by:

  • ransomnote_email: [email protected]
  • sample_extension: .zobm
  • sample_bytes: [0x2C528 - 0x2C542] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D

Click here for more information about STOP (Djvu).

Case number: 8f4ce705254736b58b711004eb527571b53369141575393991

Share this post


Link to post
Share on other sites

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.