This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


Hello, 

 

I also got encrypted. And the decrypter says "No key for New Variant online ID: SinNSspnHwauxYCE4pgScfXUCcZI8ifDx7OaOPCu. Notice: this ID appears to be an online ID, decryption is impossible"

 

When will the key be possible to decrypt? How will I be informed if there are any solutions? I would like to get my files back as soon as possible (of course :) )

 

And one more thing, I cleaned the computer with malware software. It found as many harmful files and programs as possible. Is it now safe to use the computer and share files? If I create a new picture or doc, I can see that the files are not encrypted.

17 hours ago, oscarromagos said:

New Variant online ID: 64UOLZNaP2Jm4vdVSPxCeA7zE8QZeAiwPYLweRCK

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

7 hours ago, Andrej said:

When will the key be possible to decrypt?

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

 

7 hours ago, Andrej said:

How will I be informed if there will be any solutions?

We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

You can also follow the STOP ransomware support thread on the BleepingComputer forums:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

7 hours ago, Andrej said:

I cleaned the computer with malware software. It found as many harmful files and programs as possible. Is it now safe to use the computer and share files?

It should be. Most Anti-Virus software can easily detect and remove the STOP ransomware. If you want a second opinion, then you can try using Emsisoft Emergency Kit to run a scan and quarantine anything it finds:
https://www.emsisoft.com/en/home/emergencykit/


Hello,

 

One more thing. We decided to do a clean installation of Windows, programs, etc. Is there any risk that the virus can come back?

Thank you and best regards

13 hours ago, GT500 said:

If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

 

We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

You can also follow the STOP ransomware support thread on the BleepingComputer forums:
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

So we are doomed?

Has any law enforcement ever got them?

This guy is from L.A.

He hacked my Facebook too.

16 hours ago, Andrej said:

Is there any risk that the virus can come back?

Only if you run whatever pirated software the ransomware came from to begin with. It's also possible to reinfect the system by downloading/running new pirated software, so we recommend avoiding piracy for the safety of your computer and files.

10 hours ago, Arik said:

Has any law enforcement ever got them?

Some of the criminals who have made/distributed ransomware have been arrested. To my knowledge, no one associated with the STOP ransomware has ever been arrested though.

 

10 hours ago, Arik said:

This guy is from L.A.

No, he's not located in the United States. If he was and it was that easy to track him down, then he'd have been in jail over a year ago.

 

10 hours ago, Arik said:

He hacked my Facebook too.

Sometime in early 2019 the Azorult password stealer was added to the STOP ransomware, so when the ransomware runs on your computer it will attempt to steal any saved passwords on your computer and send them back to the criminals who made/distributed the ransomware. Be sure to change all of your passwords.

14 hours ago, GT500 said:

Some of the criminals who have made/distributed ransomware have been arrested. To my knowledge, no one associated with the STOP ransomware has ever been arrested though.

 

No, he's not located in the United States. If he was and it was that easy to track him down, then he'd have been in jail over a year ago.

 

Sometime in early 2019 the Azorult password stealer was added to the STOP ransomware, so when the ransomware runs on your computer it will attempt to steal any saved passwords on your computer and send them back to the criminals who made/distributed the ransomware. Be sure to change all of your passwords.

I changed

Thanks

In your opinion

What are the odds / chance those online keys would some time be decrypted?

11 hours ago, Arik said:

What are the odds / chance those online keys would some time be decrypted?

It's difficult to calculate. I think the odds are probably low, but they may get better if more people report these ransomware incidents to national law enforcement. There are links to various national law enforcement agencies at the following link:
https://www.nomoreransom.org/en/report-a-crime.html


Dear staff,

Can I get help with .mmpa encryption?

Error: No key for New Variant online ID: 1zUtgOhPFChqExonXnBLhdAoUkXhiZkM2nXNcbdg
Notice: this ID appears to be an online ID, decryption is impossible

And,

Error: No key for New Variant offline ID: l3dZiQAloIT4h5EjQ4fTo1iCvZy9j4rkznbVeUt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

Is there any solution in the future for these Online and Offline keys?

18 hours ago, voceket said:

No key for New Variant online ID: 1zUtgOhPFChqExonXnBLhdAoUkXhiZkM2nXNcbdg

This ID is an online ID, so there is currently no way to decrypt your files.

 

19 hours ago, voceket said:

No key for New Variant offline ID: l3dZiQAloIT4h5EjQ4fTo1iCvZy9j4rkznbVeUt1

This ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information about the decrypter and this ransomware at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


Dear Staff

My files were infected by this ID: 0257iodosadhtPkCve2MkD2UQD3qnHevqJV7FWqaUDrDbXRVaze with .mmpa extension

Is there any way to recover these files?

Thanks

On 11/9/2020 at 4:00 AM, Ali Teke said:

My files were infected by this ID: 0257iodosadhtPkCve2MkD2UQD3qnHevqJV7FWqaUDrDbXRVaze with .mmpa extension

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


Dear Sir, I have two questions.

I was infected by online mmpa ransomware.

I contacted someone who has actually been able to decrypt one of my files. (I sent him a sample of the encrypted files so that he would prove that he can do it.)

Since it is nearly impossible for anyone else to succeed, I presume he is the hacker. Two questions:

1. Do you also believe that he is the hacker?

2. Based on your experience, if I pay the ransom (I have some important files that I really have to recover) what are the chances that he will keep his word and give me the tools needed to recover my files?

10 hours ago, cleopatra said:

1. Do you also believe that he is the hacker?

If you mean the criminal that created/distributed the ransomware, then yes. Unless your files have an offline ID and the private key for that ID is already known, then they would have to be the criminal responsible for the ransomware in order to have access to the private key for your files. Decryption would literally be impossible for anyone else, unless they paid the ransom in order to get your private key from the criminals and are going to try to sell you decryption at a higher price than the criminals charged them.

 

10 hours ago, cleopatra said:

2. Based on your experience, if I pay the ransom (I have some important files that I really have to recover) what are the chances that he will keep his word and give me the tools needed to recover my files?

In the majority of cases the criminals will send a working decrypter and private key if you pay the ransom. Coveware used to have statistics on how frequently a working decrypter was received by victims, however I am unable to find that information at the moment (they may have removed the page as current variants of this ransomware don't affect most of their customer base).

