stop (Posted January 18)

Hi. Check my result:

Result: We have identified "STOP (Djvu)". This ransomware may be decryptable under certain circumstances. Please refer to the appropriate guide for more information.

Identified by:
ransomnote_email: [email protected]
sample_extension: .omfl
sample_bytes: [0x1FA1 - 0x1FC7] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D

Click here for more information about STOP (Djvu).

Case number: 726d8b53b044eb07e9af232ab5373643a40bca9e1611006311

Removed ransomware virus on my computer. But I'm not sure. And not format yet. Emsisoft stop/djvu decryptor tool doesn't decrypt my files. How can I solve this problem? Thanks.

My system: Win7 x64 with SSD (Intel system)

_readme.txt

GT500 (Posted January 19)

This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

stop (Posted January 28)

Why is the Emsisoft Decryptor Tool not updating? Still at 1.0.0.5.

stop (Posted January 28)

Why has this virus (.omfl) not infected some files (Steam etc.)? Isn't 154kb and over?

GT500 (Posted January 29)

12 hours ago, stop said:
> Why Emsisoft Decryptor Tool not updating? Still at 1.0.0.5.

It doesn't need to be updated.

12 hours ago, stop said:
> This virus(.omfl) why not infected in some files(steam etc.)? Isn't 154kb and over ?

The ransomware will only encrypt certain types of files.

stop (Posted January 29)

13 hours ago, GT500 said:
> It doesn't need to be updated.

Why? Sorry, I don't understand what you mean. Look at this man:

On 1/19/2021 at 9:24 AM, GT500 said:
> This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.
> There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

"This is a newer variant of STOP/Djvu..." and "however we don't yet have the private key" you said. If it's the new variant, why not update it to fix the new variant virus?

This is the _readme.txt file content:

ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-egvXx8HqOt
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
[email protected]
Reserve e-mail address to contact us:
[email protected]
Your personal ID:
0272omflAsdhkioO7OVYUyivYvPEI6nuQIcKXNx74ml0mkowpmDzt1

stop (Posted January 29, edited)

URL the virus came to me: ******************* (Please don't click this URL)

Edited January 30 by GT500: Removed links.

GT500 (Posted January 30)

9 hours ago, stop said:
> If it's the new variant, why not update it to fix the new variant virus?

Because the decrypter already supports it. The reason it can't decrypt files encrypted by this newer variant is due to the fact that we don't have the private key for its offline ID. We have to wait for a victim with an offline ID who paid the ransom to donate their private key to us.

GT500 (Posted January 30)

9 hours ago, stop said:
> URL the virus came to me: ******************* (Please don't click this URL)

Please don't post malicious links on our forums.

If you would like for us to analyze a file, or a malicious URL (aka. link), then run it through VirusTotal and post the link to the analysis here for us to review. We can download files from VirusTotal, so anything you upload there we have access to.