
It seems my PC got an online ID ransomware from STOP in the form of NOSU format; some of my files became that format. I can't find any solution for this, should I reinstall?


It's not necessary to reinstall Windows, as most Anti-Virus software will remove the STOP/Djvu ransomware, including our free (for home/non-commercial use) Emsisoft Emergency Kit.

Granted you can reinstall if you'd like to. I recommend making a backup of your encrypted files first, so that you can keep them somewhere safe in case they can be decrypted at some point in the future.

8 minutes ago, GT500 said:

It's not necessary to reinstall Windows, as most Anti-Virus software will remove the STOP/Djvu ransomware, including our free (for home/non-commercial use) Emsisoft Emergency Kit.

Granted you can reinstall if you'd like to. I recommend making a backup of your encrypted files first, so that you can keep them somewhere safe in case they can be decrypted at some point in the future.

I decided to reinstall Windows, any tips and advice to prevent this happening again in the future? Thank you.

2 hours ago, Amigo-A said:

Attach a ransom note to your message. Do not change anything.

Sadly I already did a fresh install, therefore the _readme file is gone. Anyway, it's just the usual ransom text with the ID at the end.


Can you clarify whether the files received the NOSU or NOOS or NOSE extension?

Of course, we know what "STOP Ransomware" ransom notes look like, but we want to clarify which option you had. New or old. 

Here and in various forums, we saw how people name extensions differently if their native language is different from English.

On 1/19/2020 at 2:00 AM, Vezor said:

I decided to reinstall Windows, any tips and advice to prevent this happening again in the future? Thank you.

First and foremost, always make sure you have the latest security updates for everything (especially Windows and your web browsers). Also, if you have plugins/extensions installed for your web browsers that you don't use or don't really need, then uninstall them. Especially Adobe Flash, Java, and Adobe Acrobat Reader as those are probably the three most exploited plugins in existence. Note that if you need to keep Java, but don't need the plugin for your web browser, you can configure Java settings to disable Java in your web browsers.

Use a paid Anti-Virus software. Most of them have free trials, so feel free to find one you like. We offer a 30-day free trial of Emsisoft Anti-Malware if you'd like to try it.

Don't download anything from sources you don't know you can trust. STOP/Djvu usually comes from pirated software and fake movie and music downloads, however there are other threats that come from many different sources (fake/malicious e-mails, ads in websites, shady download sites, compromised websites, etc).

Always use an ad blocker in your web browser. We usually recommend uBlock Origin since it tends to be more efficient. Note that it only officially supports Firefox, Google Chrome, and Opera (although there is a third-party port for Microsoft Edge and the Google Chrome version works in Vivaldi).

Make regular backups of all files, however keep in mind that if the computer has access to the backups then so does the ransomware. For that reason, I always recommend saving backups on some sort of removable media (USB flash drives, USB hard drives, tape drives, etc) so that you can leave the backups disconnected when not in use. Note that most companies that have a backup policy that involves using removable media also use multiple drives, that way they can use a different drive for their backups every day (at least for a few days until they start over again with the first drive). Also note that many consider cloud storage to be a good alternative as well, however there have been cases where criminals have compromised systems to manually infect them with ransomware, and have logged in to the cloud backup system and manually deleted all backups, so this method isn't necessarily the safest either.

 

You can find more security tips at the following links:

1 hour ago, GT500 said:

First and foremost, always make sure you have the latest security updates for everything (especially Windows and your web browsers). Also, if you have plugins/extensions installed for your web browsers that you don't use or don't really need, then uninstall them. Especially Adobe Flash, Java, and Adobe Acrobat Reader as those are probably the three most exploited plugins in existence. Note that if you need to keep Java, but don't need the plugin for your web browser, you can configure Java settings to disable Java in your web browsers.

Use a paid Anti-Virus software. Most of them have free trials, so feel free to find one you like. We offer a 30-day free trial of Emsisoft Anti-Malware if you'd like to try it.

Don't download anything from sources you don't know you can trust. STOP/Djvu usually comes from pirated software and fake movie and music downloads, however there are other threats that come from many different sources (fake/malicious e-mails, ads in websites, shady download sites, compromised websites, etc).

Always use an ad blocker in your web browser. We usually recommend uBlock Origin since it tends to be more efficient. Note that it only officially supports Firefox, Google Chrome, and Opera (although there is a third-party port for Microsoft Edge and the Google Chrome version works in Vivaldi).

Make regular backups of all files, however keep in mind that if the computer has access to the backups then so does the ransomware. For that reason, I always recommend saving backups on some sort of removable media (USB flash drives, USB hard drives, tape drives, etc) so that you can leave the backups disconnected when not in use. Note that most companies that have a backup policy that involves using removable media also use multiple drives, that way they can use a different drive for their backups every day (at least for a few days until they start over again with the first drive). Also note that many consider cloud storage to be a good alternative as well, however there have been cases where criminals have compromised systems to manually infect them with ransomware, and have logged in to the cloud backup system and manually deleted all backups, so this method isn't necessarily the safest either.

 

You can find more security tips at the following links:

I believe I got infected by a sketchy website I'm visiting. I used to enable adblock all the time, but nowadays I kind of turn it on and off. I'm going to start using it again. I'll check out the antivirus, thanks for the advice.


@Vezor

@NKK

If the extortionists did not change the details (most likely - no, did not change), then the new samples with offline ID, like last year’s, should end with t1.

You have suffered from an international ransomware called "STOP Ransomware". 
Previously,  could decrypt files using a "STOP-Djvu Decrypter".

Then it was redesigned and a new "Emsisoft STOP Decryptor" was created on its basis.

This link contains detailed instructions and a link to download the Emsisoft STOP Decryptor. But it is not yet configured to decrypt files after the attack of new variants with .kodc and .nosu extensions.
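Added example, not written by any poster in this thread or by Emsisoft: a Python script that does what the advice above amounts to, copying encrypted files and `_readme` ransom notes to a backup folder without touching the originals, writing a SHA-256 manifest, and reporting whether a note's ID ends with `t1`. It assumes the ID is the last non-empty line of the note (the thread only says the ID is "at the end"); the function names, the manifest file name and the sample directory tree are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_EXTS = {".nosu", ".kodc"}  # extensions named in this thread
NOTE_PREFIX = "_readme"              # ransom note name mentioned in the thread


def note_id(note: Path) -> str:
    """Assumption: the ID is the last non-empty line of the ransom note."""
    text = note.read_text(errors="replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return lines[-1] if lines else ""


def preserve(src_root: Path, dst_root: Path) -> dict:
    """Copy encrypted files and ransom notes to dst_root, keeping relative paths."""
    dst_root.mkdir(parents=True, exist_ok=True)
    report, manifest = {"copied": [], "ids": {}}, []
    for path in sorted(src_root.rglob("*")):
        is_note = path.name.lower().startswith(NOTE_PREFIX)
        if not path.is_file() or not (is_note or path.suffix.lower() in ENCRYPTED_EXTS):
            continue
        rel = path.relative_to(src_root)
        target = dst_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy only; originals are never renamed or modified
        digest = hashlib.sha256(target.read_bytes()).hexdigest()
        manifest.append(f"{digest}  {rel.as_posix()}")
        report["copied"].append(rel.as_posix())
        if is_note:
            pid = note_id(path)
            # Per the thread, offline IDs are expected to end with "t1".
            report["ids"][pid] = "offline" if pid.endswith("t1") else "online"
    (dst_root / "MANIFEST.sha256").write_text("\n".join(manifest) + "\n")
    return report


def demo() -> dict:
    """Run against a constructed directory tree (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "backup")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.docx.nosu").write_bytes(b"constructed ciphertext")
        (src / "docs" / "clean.txt").write_text("untouched file")
        (src / "_readme.txt").write_text("constructed note\n\nCONSTRUCTED-SAMPLE-IDt1\n")
        return preserve(src, dst)
```

Point `preserve()` at a destination on removable media that is disconnected afterwards, and keep the destination outside the source tree.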

17 hours ago, Amigo-A said:

@Vezor

@NKK

If the extortionists did not change the details (most likely - no, did not change), then the new samples with offline ID, like last year’s, should end with t1.

You have suffered from an international ransomware called "STOP Ransomware". 
Previously,  could decrypt files using a "STOP-Djvu Decrypter".

Then it was redesigned and a new "Emsisoft STOP Decryptor" was created on its basis.

This link contains detailed instructions and a link to download the Emsisoft STOP Decryptor. But it is not yet configured to decrypt files after the attack of new variants with .kodc and .nosu extensions.

Thank god I already backed up my files, thank you for the assistance.
