URL THAT LEADS TO MALWARE. DECRYPTOR NEEDED

[Mussharraf Hossen Shoikot 0]

<removed URL's>

several sites lead to it from what is seen in google search results. make decryptor

Edited August 11 by GT500

[GT500 834]

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

[Mussharraf Hossen Shoikot 0]

@GT500 emsisoft decryptor fails to decrypt. new decryptor needed for anything encrypted with the ransomware i gave in link.

 

Error: No key for New Variant online ID: aze3gYBYnp1s1LMW8eFJLIkqAEWrawHShXVztRSq
Notice: this ID appears to be an online ID, decryption is impossible

Finished!

Edited August 23 by Mussharraf Hossen Shoikot

[GT500 834]

18 hours ago, Mussharraf Hossen Shoikot said:

No key for New Variant online ID: aze3gYBYnp1s1LMW8eFJLIkqAEWrawHShXVztRSq
Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

[Mussharraf Hossen Shoikot 0]

@GT500 did you not read my first post? "make decryptor" is written there. it means I know there is no decryptor yet but needs to be made. I gave the url to ransomware in first post. use it

[GT500 834]

13 hours ago, Mussharraf Hossen Shoikot said:

@GT500 did you not read my first post? "make decryptor" is written there. it means I know there is no decryptor yet but needs to be made. I gave the url to ransomware in first post. use it

Please don't post links to live malware in the public forums. You can upload it to VirusTotal and post a link to the analysis, but we don't want links to malicious files that anyone can follow and download from.

Also, we know this ransomware well, and we already have a decrypter for it. I've already explained that it is impossible to decrypt your files as they have an online ID, and they can only be decrypted using the private key for your ID, which is only in the possession of the criminals who made/distributed the ransomware.

[Mussharraf Hossen Shoikot 0]

On 8/26/2020 at 11:29 AM, GT500 said:

Please don't post links to live malware in the public forums. You can upload it to VirusTotal and post a link to the analysis, but we don't want links to malicious files that anyone can follow and download from.

Also, we know this ransomware well, and we already have a decrypter for it. I've already explained that it is impossible to decrypt your files as they have an online ID, and they can only be decrypted using the private key for your ID, which is only in the possession of the criminals who made/distributed the ransomware.

anyway to forward this by your organization (emsisoft) to organizations that can catch them and extract the private keys?

[GT500 834]

14 hours ago, Mussharraf Hossen Shoikot said:

anyway to forward this by your organization (emsisoft) to organizations that can catch them and extract the private keys?

Only the criminals have the private keys. The only time a private key will ever be on your computer is if you pay the ransom and the criminals send you a decrypter.