radansya (posted September 15, 2020): Hello guys, my server computer was infected by the JSWorm ransomware. I used the Emsisoft decrypter for JSWorm 4.0 to decrypt my files. After 100% it goes to 110%. Is this normal? Can anyone help me? I uploaded an infected file, as it may be needed. Many thanks. [Attached: sample ransomware.rar]
GT500 (posted September 15, 2020): Did you try another file pair?
radansya (posted September 15, 2020): @GT500 Yes, I did. It's still at 17,50 %. I hope it works. Is this normal?
GT500 (posted September 16, 2020): 22 hours ago, radansya said: "Is this normal?" No. It's usually the result of a bad file pair.
Amigo-A (posted September 16, 2020): Hello @radansya. When did the encryption happen? Now or last year?
radansya (posted September 17, 2020): @Amigo-A It happened 2 days ago. Can you help me?
radansya (posted September 17, 2020): https://drive.google.com/file/d/1Zk6HBUFvb9_MT53PLMjD-X5Om2Wqm18c/view?usp=sharing This is the file I used for pairs. I can upload in forum, "uploaded failed". The ransomware note is "JBUIIGF-DECRYPT.hta", not "JSWRM-DECRYPT.hta".
Amigo-A (posted September 17, 2020): We have not seen any other cases after March this year. https://support.emsisoft.com/topic/32879-jsworm-403/
Amigo-A (posted September 17, 2020): You need to attach the file JBUIIGF-DECRYPT.hta. Note! The file must be archived with the password 123.
radansya (posted September 18, 2020): @Amigo-A What next? [Attached: JBUIIGF-DECRYPT.rar]
Amigo-A (posted September 18, 2020): Decryption specialists will look at your files. A decryptor has already been made, but it does not decrypt 'JSWORM 4.0' files. Perhaps it will be possible in the future.
radansya (posted September 18, 2020): 1 hour ago, Amigo-A said: "Decryption specialists will look at your files. A decryptor has already been made, but it does not decrypt 'JSWORM 4.0' files. Perhaps it will be possible in the future." So I can't decrypt my files?
Amigo-A (posted September 18, 2020): Emsisoft Decryptor for JSWorm 4.0. As I said above, you need to wait for the Emsisoft decryption specialist to check your files for decryption. The Emsisoft Decryptor was made for version 4.0.2, and you have 4.0.3. It doesn't look like a new version; most likely you have an old version as well. This needs adjustment. In different versions the encryption changes: if at first it was possible to decrypt the files, then after small changes decryption may not be possible. But do not despair, you need to be patient. Decrypting without the original encryption key is a laborious process. Wait for a response from an Emsisoft representative; he will coordinate the information with the file decryption specialist who created the decryptor.
GT500 (posted September 18, 2020): 12 hours ago, radansya said: "So I can't decrypt my files?" We've found a minor difference in the ransomware from what we've seen previously that affected brute forcing the key; however, we were able to do it manually. Use this key file along with the decrypter (put them in the same folder and run the decrypter): https://gt500.org/emsisoft/forum_files/2020-09-18/radansya/decryption.key
radansya (posted September 19, 2020): Thanks guys, you're all awesome, it works.
GT500 (posted September 19, 2020): You're welcome.