Jump to content

.Nobu Ransomware

123fizh

By 123fizh,
in Help, my files are encrypted!

 Share Followers 0

Recommended Posts

123fizh

123fizh 0

Posted
Posted

This is a new ransomware with this particular _readme.txt message

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-j3hj0RjttJ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

When will emsisoft release the new decryption for this ransomware (.Nobu)? Because all my important file are infected and a lot of them that i haven't backup, so yeah pretty desperate here. All my files has extensions of (.Nobu) so then i couldn't open any of the files that are infected. Thank you

Link to post
Share on other sites
Stylistic_star

Stylistic_star 0

Posted
Posted
23 hours ago, 123fizh said:

This is a new ransomware with this particular _readme.txt message

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-j3hj0RjttJ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]ail.ch

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

When will emsisoft release the new decryption for this ransomware (.Nobu)? Because all my important file are infected and a lot of them that i haven't backup, so yeah pretty desperate here. All my files has extensions of (.Nobu) so then i couldn't open any of the files that are infected. Thank you

I'm too facing the same issue I believe emsisoft will help us ! 

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
On 12/6/2020 at 7:14 AM, 123fizh said:

This is a new ransomware with this particular _readme.txt message

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
Stylistic_star

Stylistic_star 0

Posted
Posted
1 hour ago, phradamon said:

Hi! I have the same problem, last night my pc was infected and all my files are now encrypted. Please help!

Tell me what you need me to provide so you can decrypt the files.

Also, why is difficult to decrypt online variant?

Thank you!

 

Idk btw there will be a way for sure let's get rid of malwares and Ransome from our systems scan our files and remove viruses at first then I hope the decryption would be possible without the encryption online hosts be hopeless ! That's the only thing we can do now until that we will have to wait for decryption software from emsisoft I hope that they will make it possible !

Thank you , 

Link to post
Share on other sites
Magdana

Magdana 0

Posted
Posted
9 hours ago, GT500 said:

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

When can we expect decryption tool from emsisoft ?

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
16 hours ago, phradamon said:

Also, why is difficult to decrypt online variant?

It's not difficult, it's impossible to do it without the private key for your ID, and only the criminals have access to the private keys.

The reason is that an online ID means that the ID, public key, and private key were all randomly generated on the ransomware's command and control server. Only the ID and public key are sent to the infected computer for the ransomware to use during encryption, and the only way to decrypt files is to use the private key. Since it would take thousands of years even for the most powerful super computer to brute force the private keys it's generally considered impossible to decrypt files that have an online ID.

Offline ID's at least have a chance of being decrypted because files that have offline ID's were encrypted using an offline public key, and that public key and ID only change when the variant changes, so everyone who has the same ID can use the same private key to decrypt their files. If a victim with an offline ID pays the ransom and donates their private key to us, we can add it to our database for use by our decrypter.

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
12 hours ago, Magdana said:

When can we expect decryption tool from emsisoft ?

We already have one. The decrypter needs private keys, and they're in the possession of the criminals who made the ransomware. We don't have any way to get private keys unless victims who have paid the ransom send them to us.

This should all be covered in this link to more information:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
Sonny Wijaya

Sonny Wijaya 0

Posted
Posted

Hi there

Recently in my country Indonesia,  i got 3 client infected with .NOBU
And fortunately they got their file back,  although not 100% percent, but its better than nothing.

Because until now no fixed solution for almost all variant ransomware, its better to take off your hard drive, and wait for emsisoft decryptor.
 

.NOBU.png

Link to post
Share on other sites
Magdana

Magdana 0

Posted
Posted
5 hours ago, GT500 said:

We already have one. The decrypter needs private keys, and they're in the possession of the criminals who made the ransomware. We don't have any way to get private keys unless victims who have paid the ransom send them to us.

This should all be covered in this link to more information:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

I have document 'PersonalID' with this code: SDf7R6WUGaEzJNgXcQpRgN6gCpPPwTjbgmTvgSAY
This document made criminals. I did not get any information about money for them.

Link to post
Share on other sites
Stylistic_star

Stylistic_star 0

Posted
Posted
47 minutes ago, Magdana said:

I have document 'PersonalID' with this code: SDf7R6WUGaEzJNgXcQpRgN6gCpPPwTjbgmTvgSAY
This document made criminals. I did not get any information about money for them.

Good things on our side guys block all your internet connection and run out the malware byte software and remove the injected Ransome viruses for further causes or damage to your data ! I got just now by scanning through Emsisoft Decryptor for STOP Djvu and got this results :

Error : The remote name could not be resolved : "decryptor.emsisoft.com" 

GUYS BLOCK ALL THE INTERNET CONNECTIONS AND REMOVE THE VIRUSES AND MALWARES ; THIS CAN BE A WAY EASIER TO GET BACK OUR FILES 

EMSISOFT KINDLY HELP US OUT !

THANK YOU ,

Link to post
Share on other sites
Sonny Wijaya

Sonny Wijaya 0

Posted
Posted
4 hours ago, Stylistic_star said:

Hey how which was the software kindly inform me about the decryption ; I've got antivirus and malware detection software and got rid of some malwares detected and now I'm free of infection will I be possible to get my data back coz the links could've been blocked or broken 

Unfortunately, as long as i know theres no software or antivirus can detect or give u notification about ransomware trying to breach your system.
The only best solution i know is to prevent this thing to encrypt your data.
Stop downloading software or serial number, this is the TOP NUMBER 1 THINGS YOU SHOULDNT DO.  

Link to post
Share on other sites
Stylistic_star

Stylistic_star 0

Posted
Posted
12 minutes ago, Sonny Wijaya said:

Unfortunately, as long as i know theres no software or antivirus can detect or give u notification about ransomware trying to breach your system.
The only best solution i know is to prevent this thing to encrypt your data.
Stop downloading software or serial number, this is the TOP NUMBER 1 THINGS YOU SHOULDNT DO.  

I got it ; btw I'm being well known about this from emsisoft community thank you ! By we can break the connection 

Link to post
Share on other sites
josssia

josssia 0

Posted
Posted
6 hours ago, Sonny Wijaya said:

Hi there

Recently in my country Indonesia,  i got 3 client infected with .NOBU
And fortunately they got their file back,  although not 100% percent, but its better than nothing.

Because until now no fixed solution for almost all variant ransomware, its better to take off your hard drive, and wait for emsisoft decryptor.
 

.NOBU.png
Download Image

Saya juga dari Indonesia, saya kena nobu di semua folder D saya. saya mau tanya, itu client kaka filenya balik dengan sendirinya gimana?

Link to post
Share on other sites
Sonny Wijaya

Sonny Wijaya 0

Posted
Posted
15 hours ago, josssia said:

Saya juga dari Indonesia, saya kena nobu di semua folder D saya. saya mau tanya, itu client kaka filenya balik dengan sendirinya gimana?

Kebetulan saya data recovery pak, hal2 yang berkaitan dengan ransomware itu sebenarnya sedikit bersinggungan dengan teknik data recovery.
Sayangnya sampai sekarang, banyak orang yang tidak aware akan bahayanya ransomware ini pak.
Boleh tau sudah diapain aja pak hardisknya ? 

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
22 hours ago, Stylistic_star said:

Nope I'm offline...

That's why the decrypter didn't work. It needs an Internet connection.

 

18 hours ago, Stylistic_star said:

GUYS BLOCK ALL THE INTERNET CONNECTIONS AND REMOVE THE VIRUSES AND MALWARES ; THIS CAN BE A WAY EASIER TO GET BACK OUR FILES 

Not only is there no need to do this, but doing so will in no way help you recover your files.

The STOP/Djvu ransomware is very easy to remove, and most Anti-Virus software can detect it. You can even use EmsisEmsisoft Emergency Kit (free for home/personal use) to run a scan:
https://www.emsisoft.com/en/home/emergencykit/

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
17 hours ago, Sonny Wijaya said:

Unfortunately, as long as i know theres no software or antivirus can detect or give u notification about ransomware trying to breach your system.

Emsisoft Anti-Malware's Behavior Blocker is fairly good at stopping ransomware attacks:
https://www.emsisoft.com/en/home/antimalware/

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
19 hours ago, Magdana said:

I have document 'PersonalID' with this code: SDf7R6WUGaEzJNgXcQpRgN6gCpPPwTjbgmTvgSAY
This document made criminals. I did not get any information about money for them.

Your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
16 hours ago, josssia said:

Saya juga dari Indonesia, saya kena nobu di semua folder D saya. saya mau tanya, itu client kaka filenya balik dengan sendirinya gimana?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

Terjemahan disediakan oleh Google:
Ini adalah varian yang lebih baru dari STOP / Djvu. Jika Anda memiliki ID offline, maka setelah kami dapat menemukan kunci dekripsi untuk varian ini dan menambahkannya ke database kami, Anda akan dapat memulihkan file Anda. Namun, jika Anda memiliki ID online (yang lebih mungkin) maka tidak mungkin untuk memulihkan file Anda. Ada lebih banyak informasi di tautan berikut:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
josssia

josssia 0

Posted
Posted
1 hour ago, Sonny Wijaya said:

Kebetulan saya data recovery pak, hal2 yang berkaitan dengan ransomware itu sebenarnya sedikit bersinggungan dengan teknik data recovery.
Sayangnya sampai sekarang, banyak orang yang tidak aware akan bahayanya ransomware ini pak.
Boleh tau sudah diapain aja pak hardisknya ? 

belum saya apa2in pak karna saya baru pertama kali terkena ransomware ini dan saya gatau apa yang harus saya lakukan

Link to post
Share on other sites
Akssel

Akssel 0

Posted
Posted
7 hours ago, GT500 said:

The decrypter won't work when it has no Internet connection.

When I'm connected to the internet:  
(Error: No key for New Variant online ID: DE8ADnV8LUx7e5KYh8u0qg96Yw8dAHbQ2aN7oRr7
Notice: this ID appears to be an online ID, decryption is impossible)
 

When I'm  offline: (Error: Impossibile risolvere il nome remoto.: 'decrypter.emsisoft.com')

It doesn't work in any way😭

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
14 hours ago, Akssel said:

No key for New Variant online ID: DE8ADnV8LUx7e5KYh8u0qg96Yw8dAHbQ2aN7oRr7
Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
Kim999

Kim999 0

Posted
Posted
On 12/10/2020 at 1:07 PM, Sonny Wijaya said:

Kebetulan saya data recovery pak, hal2 yang berkaitan dengan ransomware itu sebenarnya sedikit bersinggungan dengan teknik data recovery.
Sayangnya sampai sekarang, banyak orang yang tidak aware akan bahayanya ransomware ini pak.
Boleh tau sudah diapain aja pak hardisknya ? 

Yes my friend told me so. Using data recovery. Even though it's not 100% recover your files as it infected almost the WHOLE files in folder and sub folder.
I have the back up on external harddisk for some of the files...Now the next issue is that I kind of worried to connect external harddisk in order to copy the files I need from backup-external harddisk. 

I already scan everything and get my windows massive update. Do you guys thing the malware is cleaned? And how do I make sure it.
 

Ps: I'm from Indonesia also. I use english so that everyone here may know the best solution for this creepy things v^_^

 

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
20 hours ago, Kim999 said:

Do you guys thing the malware is cleaned? And how do I make sure it.

Most Anti-Virus software can detect it, and it's easy to remove. You can use Emsisoft Emergency Kit (free for home/personal use) for a second opinion scan if you need to:
https://www.emsisoft.com/en/home/emergencykit/

Link to post
Share on other sites
Akssel

Akssel 0

Posted
Posted
On 12/10/2020 at 3:53 PM, Akssel said:

When I'm connected to the internet:  
(Error: No key for New Variant online ID: DE8ADnV8LUx7e5KYh8u0qg96Yw8dAHbQ2aN7oRr7
Notice: this ID appears to be an online ID, decryption is impossible)
 

When I'm  offline: (Error: Impossibile risolvere il nome remoto.: 'decrypter.emsisoft.com')

It doesn't work in any way😭

Someone found the solution to descrypt the "NUBE" files?????

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
19 hours ago, Ezam said:

When is Nobu decryptor will be release...?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
zens

zens 0

Posted
Posted

Please help me from Indonesia, I am being hit by a Ransomware virus accident, the data files that were handed over to drive D and E all files changed to type IGAL File (.igal). and the attached criminal's message. I really hope to get a solution and help. Thank you for your help and attention

crooks message

 

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-aWdCfIWJJ2
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:

xxxxx.xxxxxx.xxxxxx.xxxxxxxx

 

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
16 hours ago, zens said:

Your personal ID:
xxxxx.xxxxxx.xxxxxx.xxxxxxxx

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to post
Share on other sites
Akssel

Akssel 0

Posted
Posted
On 12/26/2020 at 6:20 AM, GT500 said:

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

File: C:\Montaggio\VE Project 1.wfp.nobu
Error: No key for New Variant online ID: DE8ADnV8LUx7e5KYh8u0qg96Yw8dAHbQ2aN7oRr7
Notice: this ID appears to be an online ID, decryption is impossible

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
10 hours ago, Akssel said:

No key for New Variant online ID: DE8ADnV8LUx7e5KYh8u0qg96Yw8dAHbQ2aN7oRr7
Notice: this ID appears to be an online ID, decryption is impossible

That's an online ID. Your files aren't decryptable.

Link to post
Share on other sites
Magdana

Magdana 0

Posted
Posted
On 12/24/2020 at 6:18 AM, GT500 said:

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Did you manage to prepare the decrypter?

Link to post
Share on other sites
GT500

GT500 873

Posted
Posted
16 hours ago, Magdana said:

Did you manage to prepare the decrypter?

The decrypter hasn't been updated in quite some time, and when we do update it we only do so to fix bugs.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 0
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2021 Emsisoft - 02/27/2021 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...