Jump to content

My Files are encrypted by ransomware with extension .NUSM


Recommended Posts

Hello,

I got this malware last night and I have been trying to remove it ever since. The extension is .nsum, and it is on all my files. I cannot even open them. I installed kaspersky antivirus and virus remover. They found threats and successfuly deleted them. After that, I downloaded the Emsisoft Decryptor but unfornutatly I did not get any results. It keeps telling me that it is an online ID :/

I really need my files, so if anyone can help or give us the proper tools, it would be great.

Thanks, 

Link to comment
Share on other sites

You can read about whether your files can be decrypted in the general 'Help' on this Ransomware. 

Feel free to ask if something is not clear. 

The extortionists that use 'STOP Ransomware' to attack have been encrypting files for ransom for 3.5 years all over the world.
And no one can stop them, and no one gives the command to search and arrest the extortionists and their accomplices. 

Link to comment
Share on other sites

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to comment
Share on other sites

8 hours ago, GT500 said:

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Does this mean I will lose my files or is a solution going to be found? Also, if there were to be a solution, how long would it take?

Thanks,

Link to comment
Share on other sites

Hi,

 

I have been attacked as well, all my files turned into NUSM on my SSD and i don’t have any recent backups. The Emisoft decryptor is not working since they encrypted through an online key.

This ID is 0298SirjgeZwXy0mWQ7jHl2WCrKfFpRGVLV6DVeMtZw7bYSB
 

3 years of my work is gone and it feels like my life is basically over. Please help.

 

 

  • Sad 1
Link to comment
Share on other sites

I realised that the contents within zip files are not encrypted. For zip files you can just remove the .nusm at the back.

Large Photoshop files can also be recovered the same way. 

I tried for navisworks and Bentley those did not work. Shadow explorer did not work for me as well. 

Hoping someone is able to decrypt them! 

Link to comment
Share on other sites

I have been attacked with this last night. My id starts with 0298.
I'm a musician and audio engineer and I've just lost 5 years of work lost.
I live in Argentina and I can't even get US dollars to pay, they request $480 usd and that's more than I make in a month and I barely can pay rent and live with that money. so I need to decrypt this by my own, tried Emisoft Decryptor and didn't work (Online key error) please please help me :(

Link to comment
Share on other sites

5 hours ago, JuanStargazer said:

I have been attacked with this last night. My id starts with 0298.
I'm a musician and audio engineer and I've just lost 5 years of work lost.
I live in Argentina and I can't even get US dollars to pay, they request $480 usd and that's more than I make in a month and I barely can pay rent and live with that money. so I need to decrypt this by my own, tried Emisoft Decryptor and didn't work (Online key error) please please help me :(

Oh no! Online key :( did shadow explorer or photorec work for you? 

Link to comment
Share on other sites

Hola, @JuanStargazer

This ransomware encrypts many files, but audio/video files can only be partially damaged.

There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp


@GT500 support specialist recommends trying it out. But first, make a copy of the files you are trying to decrypt.

Let us know (here or me in PM) about your results.

Link to comment
Share on other sites

If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. The extension can be removed, and the files must be extracted. Everything except 1-2 files will be fixed.

Link to comment
Share on other sites

On 5/21/2021 at 5:02 PM, nn5 said:

Hi,

 

I have been attacked as well, all my files turned into NUSM on my SSD and i don’t have any recent backups. The Emisoft decryptor is not working since they encrypted through an online key.

This ID is 0298SirjgeZwXy0mWQ7jHl2WCrKfFpRGVLV6DVeMtZw7bYSB
 

3 years of my work is gone and it feels like my life is basically over. Please help.

 

 

 

Link to comment
Share on other sites

On 5/20/2021 at 7:04 PM, Amigo-A said:

Hello, this extension seems new.
What are the 4 digits at the beginning of your IDs?
Is it 0298?

Hello,

 

Yes, my ID starts with 0298. Can you help?

 

Link to comment
Share on other sites

I got this malware last weekend. my files are very importance so I'm already paid for it.

but I don't know this decryptor  suitable for that attack on your computer .NUSM malware or note35679f85a7b4f0156c239f7db1bf389.jpg

   9ac4f7373b1ae799d24e4cff98e346ac.jpg

  • Upvote 1
Link to comment
Share on other sites

On 5/24/2021 at 12:21 PM, YaYA said:

I got this malware last weekend. my files are very importance so I'm already paid for it.

but I don't know this decryptor  suitable for that attack on your computer .NUSM malware or note35679f85a7b4f0156c239f7db1bf389.jpg

   9ac4f7373b1ae799d24e4cff98e346ac.jpg

Hello,

 

Can you share with us the decryption tool because we really need it. Unfortunately, I do not have the money right now, so if you can send it, it would be great. Or send it to the admins maybe they can replicate it.

 

Thanks,

Link to comment
Share on other sites

On 5/24/2021 at 4:21 PM, YaYA said:

I got this malware last weekend. my files are very importance so I'm already paid for it.

but I don't know this decryptor  suitable for that attack on your computer .NUSM malware or note35679f85a7b4f0156c239f7db1bf389.jpg

   9ac4f7373b1ae799d24e4cff98e346ac.jpg

can you please share the tools, we thank you for that. I'm still a student and can't have big money
 
image.png.5d08db07a9856a5d6fcc1de0931ab5e6.png
 
 
 
 
 
Link to comment
Share on other sites

On 5/24/2021 at 12:21 PM, YaYA said:

I got this malware last weekend. my files are very importance so I'm already paid for it.

but I don't know this decryptor  suitable for that attack on your computer .NUSM malware or note35679f85a7b4f0156c239f7db1bf389.jpg

   9ac4f7373b1ae799d24e4cff98e346ac.jpg

This is my computer got the malware statement, please recheck Your personal ID before run the program

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:

https://we.tl/t-jzgjeYI5Sl
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:

[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0298Sirj12b9SCAa7DBH1d3gOb0kSywFBOyWehkf166H2zXh
 
 
Edited by Elise
Removed link to externally hosted file, decrypter will work for one victim only.
Link to comment
Share on other sites

On 21/5/2021 at 03:54, GT500 said:

Đây là một biến thể mới hơn của STOP / Djvu. Nếu bạn có ID ngoại tuyến, thì khi chúng tôi có thể tìm thấy khóa giải mã cho biến thể này và thêm nó vào cơ sở dữ liệu của chúng tôi, bạn sẽ có thể khôi phục các tệp của mình. Tuy nhiên, nếu bạn có ID trực tuyến (nhiều khả năng xảy ra) thì sẽ không thể khôi phục tệp của bạn. Tham khảo thêm thông tin tại link sau:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

there is an online ID decryption tool, but it only applies to 1 ID. Is there a way to replace the decryption ID
 
image.png.324654fb5481522701b9ef37d627ee4d.png
 
 
 
 
 
Link to comment
Share on other sites

I was attacked by this ransomware on 22 may 2021 althought i have removed it completely from doing it again but im worried that all my files wont recover and my id is an offline it ends with t1. In how long do you guys generally get the private key for stop/djvu previous versions.

Link to comment
Share on other sites

3 hours ago, Aether said:

In how long do you guys generally get the private key for stop/djvu previous versions.

It does not depend on the efficiency of the Emsisoft employees' work, it does not depend on your or my desire.
Someone can pay the ransom, get the key, decrypt the files, and hand over the key to the Emsisoft specialists. Previously, the activity of people willing to pay the ransom was higher, now for some reason, it is lower. 

Link to comment
Share on other sites

If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. The extension can be removed, and the files must be extracted. Everything except 1-2 files will be fixed.

There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

  • Upvote 1
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...