titox

Infected with aprobably online variant of .JOPE is there any Hope?

Recommended Posts

Hi, I´ve got infected and now have all my files encrypted with .jope extensions.

I ve restored the system (windows 7 32bits) to a previous point and nothing else, system is working fine now. I know malware files are still here. And I have the infected executable I (as a fool) used to infect my self.

Emisoft decryptor tell me this

No key for New Variant online ID: yjDEQLAHuJgHylGeqJcrXlr5xNoveo6F7ZSX8Xre
Notice: this ID appears to be an online ID, decryption is impossible

So, what can I Do?

I need some .docx I was working on.. 

trying to recover (old) deleted versions may help?

should i run a malware cleaner or defender to clean the infected files that sil should be there? 

thanks ..

Share this post


Link to post
Share on other sites
18 hours ago, titox said:

trying to recover (old) deleted versions may help?

In theory that may help recover a few files, however success with file recovery software is fairly rare.

 

18 hours ago, titox said:

should i run a malware cleaner or defender to clean the infected files that sil should be there? 

Yes. The STOP/Djvu ransomware is a little abnormal in the fact that it leaves behind a component that not only runs on startup to encrypt new files, but also runs every so many minutes to encrypt new files.

Emsisoft Emergency Kit can detect and remove it, and is free for personal/home use:
https://www.emsisoft.com/en/home/emergencykit/

Share this post


Link to post
Share on other sites
19 hours ago, GT500 said:

In theory that may help recover a few files, however success with file recovery software is fairly rare.

 

Yes. The STOP/Djvu ransomware is a little abnormal in the fact that it leaves behind a component that not only runs on startup to encrypt new files, but also runs every so many minutes to encrypt new files.

Emsisoft Emergency Kit can detect and remove it, and is free for personal/home use:
https://www.emsisoft.com/en/home/emergencykit/

I see.. hopeless now I`ll scan the disk with the kit

thank you

Share this post


Link to post
Share on other sites

I habe several encrypted document and files and their original (non encrypted) counterpart.. 

Could this serve to make a decryption key?

Share this post


Link to post
Share on other sites
7 hours ago, titox said:

I habe several encrypted document and files and their original (non encrypted) counterpart.. 

Could this serve to make a decryption key?

No. Newer variants of STOP/Djvu use RSA keys, which aren't susceptible to those sort of attacks.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.