radansya, posted September 15, 2020: Hello guys, my server computer was infected by the JSWorm ransomware. I used the Emsisoft decrypter for JSWorm 4.0 to decrypt my file. After 100% it goes to 110%. Is this normal? Can anyone help me? I uploaded an infected file, it may be needed. Many thanks. (Attached: sample ransomware.rar)
GT500, posted September 15, 2020: Did you try another file pair?
radansya, posted September 15, 2020: @GT500 Yes, I did, it is still at 17,50 %. I hope it works. Is this normal?
GT500, posted September 16, 2020: 22 hours ago, radansya said: "Is this normal?" No. It's usually the result of a bad file pair.
Amigo-A, posted September 16, 2020: Hello @radansya. When did the encryption happen? Now or last year?
radansya, posted September 17, 2020: @Amigo-A It happened 2 days ago. Can you help me?
radansya, posted September 17, 2020: https://drive.google.com/file/d/1Zk6HBUFvb9_MT53PLMjD-X5Om2Wqm18c/view?usp=sharing This is the file I used for the pairs. I can upload in forum, "uploaded failed". The ransomware note is "JBUIIGF-DECRYPT.hta", not "JSWRM-DECRYPT.hta".
Amigo-A, posted September 17, 2020: We have not seen any other cases after March this year. https://support.emsisoft.com/topic/32879-jsworm-403/
Amigo-A, posted September 17, 2020: You need to attach the file JBUIIGF-DECRYPT.hta. Note! The file must be archived with the password 123.
radansya, posted September 18, 2020: @Amigo-A What next? (Attached: JBUIIGF-DECRYPT.rar)
Amigo-A, posted September 18, 2020: Decryption specialists will look at your files. A decryptor has already been made, but it does not decrypt 'JSWORM 4.0' files. Perhaps it will be possible in the future.
radansya, posted September 18, 2020: 1 hour ago, Amigo-A said: "Decryption specialists will look at your files. A decryptor has already been made, but it does not decrypt 'JSWORM 4.0' files. Perhaps it will be possible in the future." So I can't decrypt my file?
Amigo-A, posted September 18, 2020: Emsisoft Decryptor for JSWorm 4.0. As I said above, you need to wait for the Emsisoft decryption specialist to check your files for decryption. The Emsisoft Decryptor was made for version 4.0.2, and you have 4.0.3. It doesn't look like a new version, most likely you have an old version as well. This needs adjustment. In different versions, the encryption changes; if at first it was possible to decrypt the files, then after small changes, decryption may not be possible. But do not despair, you need to be patient. Decrypting without the original encryption key is a laborious process. Wait for a response from an Emsisoft representative; he will coordinate the information with the file decryption specialist who created the decryptor.
GT500, posted September 18, 2020: 12 hours ago, radansya said: "So I can't decrypt my file?" We've found a minor difference in the ransomware from what we've seen previously that affected brute forcing the key, however we were able to do it manually. Use this key file along with the decrypter (put them in the same folder and run the decrypter): https://gt500.org/emsisoft/forum_files/2020-09-18/radansya/decryption.key
radansya, posted September 19, 2020: Thanks guys, you're all awesome, it works.
GT500, posted September 19, 2020: You're welcome.