Recommended Posts

hello guys,

My server computer was infected by ransomware jsworm, I used emsisoft decrypter jsworm 4.0 to decrypt my file.
 
after 100% it goes 110% is this normal? can anyone help me ?
 
 
I uploaded an infected file, it may be needed
 
many thanks

sample ransomware.rar

Share this post


Link to post
Share on other sites
22 hours ago, radansya said:

is this normal ?

No. It's usually the result of a bad file pair.

  • Thanks 1

Share this post


Link to post
Share on other sites

You need attach a file JBUIIGF-DECRYPT.hta

Note! The file must be archived with a password 123

  • Thanks 1

Share this post


Link to post
Share on other sites

Decryption specialists will look at your files. A decryptor has already been made, but it does not decrypt 'JSWORM 4.0' files.

Perhaps it will be possible in the future.

  • Thanks 1

Share this post


Link to post
Share on other sites
1 hour ago, Amigo-A said:

Decryption specialists will look at your files. A decryptor has already been made, but it does not decrypt 'JSWORM 4.0' files.

Perhaps it will be possible in the future.

so i can't descrypt my file ?

Share this post


Link to post
Share on other sites

Emsisoft Decryptor for JSWorm 4.0

As I said above, you need wait the decryption Emsisoft specialist to check your files for decryption.
The Emsisoft Decryptor was made for version 4.0.2, and you have 4.0.3.
It doesn't look like a new version, most likely you have an old version as well. This needs adjustment.

In different versions, the encryption changes, if at first it was possible to decrypt the files, then after small changes, decryption may not be possible. But do not despair, you need to be patient. Decrypting without the original encryption key is a laborious process.

Wait for a response from an Emsisoft representative, he will coordinate the information with the file decryption specialist who created the decryptor. 

  • Thanks 1

Share this post


Link to post
Share on other sites
12 hours ago, radansya said:

so i can't descrypt my file ?

We've found a minor difference in the ransomware from what we've seen previously that effected brute forcing the key, however we were able to do it manually. Use this key file along with the decrypter (put them in the same folder and run the decrypter):

https://gt500.org/emsisoft/forum_files/2020-09-18/radansya/decryption.key

  • Thanks 2

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.