Hankash 0 Report post Posted January 16 Good Day, I have been attacked by a ransomware, and my files have the .kuub extension, can you please assist. Thank you in advance. Elie Quote Share this post Link to post Share on other sites
Kevin Zoll 306 Report post Posted January 16 Hello @Hankash, Welcome to the Emsisoft Support Forums. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated recently, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try using undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies that specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice. choice. Quote Share this post Link to post Share on other sites
Hankash 0 Report post Posted January 17 Thank you for your reply, The files were encrypted on the second of Oct. 2019. I guess hopeless. Do you think or know of any data recovery software that might be able to recover the data, maybe after format. Thank you in advance. Best Elie Quote Share this post Link to post Share on other sites
Kevin Zoll 306 Report post Posted January 17 @Hankash You can try using file recovery software, but expect it not to work. Depending on how much free space you have on your hard drive and the number of files that were encrypted it is entirely possible that any information referencing the original files in the file table has been overwritten and is not recoverable. Google search for file recovery software: https://www.google.com/search?client=firefox-b-1-d&q=file+recovery+software Google search for file recovery services: https://www.google.com/search?client=firefox-b-1-d&sxsrf=ACYBGNSlNFFV6G2BIbARhVNhb18Tter8UA%3A1579285173036&ei=tfohXpnrAcvbtAbfvbLQBA&q=file+recovery+services&oq=file+recovery+services&gs_l=psy-ab.3..0j0i22i30l7.76551.78286..79147...0.6..0.220.1201.0j7j1......0....1..gws-wiz.......0i71j0i67.9gMOHjKNupk&ved=0ahUKEwjZmfPdn4vnAhXLLc0KHd-eDEoQ4dUDCAo&uact=5 A word of caution file/data recovery services can be quite expensive. Another option is using a service like coveware to negotiate a lower ransom on your behalf. https://www.coveware.com/ Quote Share this post Link to post Share on other sites
