Ricardo Landivar

.NPSG EXTENSION RANSOMWARE VIRUS

Recommended Posts

(stop-norvas-ransomware.jpg?w=696&ssl=1

Hello everyone.

I had a problem with this ID (.nspg), cuz your program doesn´t have i guess so. The thing is my client download a virus who has a ransomware, which encrypted every personal archives she has. (here is the .txt) I need help plz:)

 

 

 

Share this post


Link to post
Share on other sites

Hello @Ricardo Landivar,

 

Thank you for contacting Emsisoft Support.

NPSG is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool.  Despite that, I would like for you to run the STOP/DJVU decryption tool anyway.  That will accomplish a couple of things.  First, it will deactivate and remove any malware that was installed by the ransomware.  This will prevent new files from being encrypted and will prevent re-encryption if files are restored from a backup.  Second, the decryption tool will determine the ID of the encrypted files.  Any ID ending in t1 is an Offline ID anything else is an Online ID.  This is important as it tells us how the encryption key was generated.  There may be multiple Ids, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection.  An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file.  An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.

Why is this important?  The ID of the file(s) is how private encryption keys are identified.  If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s).  However, this is all contingent on us having a matching private encryption key in our database.  The downside of all this is that we are not currently in possession of private encryption keys for the NPSG variant of STOP/DJVU.

To Download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

 

Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.

Share this post


Link to post
Share on other sites
9 hours ago, Dewa Ariandy said:

hello, my file .npsk I had a problem with this ID (.nspk), please help

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Hey guys i think  i might have found something of help here. I have been affected by the .npsk ransomware extension with an offline ID. But i discovered that I can still open the encrypted files. So you do it this way. Select the encrypted file you want to open then on the Tab at the top you select "Open" and you choose the application you want to open the file with. For example for a file encrypted like this "example.txt.npsk" just oopen with Notepad and voila it can open. So you have to do this for each individual file depending on the application you used to open it with. This might work in the run as we wait our efficient Emsisoft to come up with the Decryption keys. Hope this helps a comrade out there.

Cheers

Share this post


Link to post
Share on other sites
22 hours ago, Blessing said:

But i discovered that I can still open the encrypted files.

That will work with some files. The ransomware only encrypted a small portion of the beginning of each file, and some file formats are tolerant of corruption of parts of the file, and thus you can still open them with only a portion of the data being missing or corrupt.

It's important to note that a lot of common file formats will complete break when the beginning of the file is corrupted, damaged, or encrypted. This is why this only works with some types of files.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.