daemon3642 Posted June 16, 2021

Amigo-A Posted June 16, 2021

> the .drume extension

You are running a newer version of the decryptor for an older version of the 'STOP Ransomware' encryptor. You don't need to use it. For your case, decryption is performed by another method.

Visit this page: https://decrypter.emsisoft.com/submit/stopdjvu/

Read the instructions on this page, scroll down the page and read the text which is below under (+)

If something in the manual is not clear, ask and the support staff will help you.

An important condition is that the Internet connection must not be broken. This service only works online.

cybermetric Posted June 16, 2021

It also looks like @daemon3642 has removed the .drume extension from the encrypted files, which he/she should not have done.

daemon3642 (Author) Posted June 16, 2021

> 2 minutes ago, cybermetric said:
> It also looks like @daemon3642 has removed the .drume extension from the encrypted files, which he/she should not have done.

I have no idea what happened there, how can one remove the .drume extension and can I restore it?

cybermetric Posted June 16, 2021

> 8 minutes ago, daemon3642 said:
> I have no idea what happened there, how can one remove the .drume extension and can I restore it?

One could manually remove the extension quite easily. Also, using some other decrypter may have removed the extensions. I don't know how the Emsisoft decrypter would respond if the extensions have been removed. I'm sure Amigo-A (one of the resident experts) will be along with additional help.

The error you got is because you weren't online when you ran the decrypter. The decrypter needs to connect with the Emsisoft server.

daemon3642 (Author) Posted June 16, 2021

> Just now, cybermetric said:
> One could manually remove the extension quite easily. Also, using some other decrypter may have removed the extensions. I don't know how the Emsisoft decrypter would respond if the extensions have been removed. I'm sure Amigo-A (one of the resident experts) will be along with additional help.

Emsisoft is the only decrypter that I used, and the first version that I tried returned a 404 error. Did that possibly do it?

daemon3642 (Author) Posted June 16, 2021

Before you replied, I tried the version Amigo told me to try. This was the result I got

Amigo-A Posted June 16, 2021

I informed Demonslay335, if he sees my message today, he will look at what does not work there. Some errors may be related to incomplete encryption. I'm not a developer, I can't see what's connected there.

It is possible that there is a real server error, then you need to try in a couple of days.

Demonslay335 Posted June 16, 2021

> 9 hours ago, cybermetric said:
> It also looks like @daemon3642 has removed the .drume extension from the encrypted files, which he/she should not have done.

No, he simply has "File name extensions" hidden in Explorer (it is highly recommended to change that...). You can see the "Type" shows as "DRUME File".

As for the 404 error, it's an anomaly based on the files that were listed there. When the decryptor sees the STOP Djvu filemarker ("{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}") in a file, it takes the extension and asks the server "hey, is this Old or New Djvu?" (if it hasn't already asked for that extension). Apparently, those files had the filemarker, but no appended extension. There seems to be a security thing with the server engine that instantly rejects image extensions such as ".gif" for that parameter instead of letting my code handle it. I'll look into it, but it may be out of my control for the time being. Either way, it doesn't affect you much since those files were just in your Recycle Bin.

As the decryptor told you for your .drume files, it is Old Djvu, and you need to follow the instructions for uploading file pairs as Amigo-A said. You specifically need to upload an encrypted/original file pair for either a DOCX/XLSX/PPTX, or ZIP file, as those all start with the same first 5 bytes (which is why it is telling you what they are).

Edit: the 404 error has been fixed.
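
The filemarker check described in the post above can be reproduced locally for triage. This is an added example, not part of the thread and not Emsisoft's decryptor code: it groups marked files by appended extension and lists files that carry the marker with no appended extension (the case that produced the 404). Matching the marker as ASCII bytes anywhere in the file, the `ORDINARY_EXTENSIONS` list, and the function names are assumptions.

```python
import os, sys
from collections import defaultdict
from pathlib import Path

# Filemarker quoted in Demonslay335's post; matching it as ASCII bytes is an assumption.
FILEMARKER = b"{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}"
# Constructed list of everyday extensions (assumption): a marked file whose name
# still ends in one of these carries no appended ransomware extension.
ORDINARY_EXTENSIONS = {".gif", ".jpg", ".png", ".pdf", ".txt", ".docx", ".xlsx", ".pptx", ".zip"}


def has_filemarker(path, chunk_size=1 << 20):
    """True if the marker occurs anywhere in the file; reads in chunks and
    keeps an overlap so a marker split across two chunks is still found."""
    overlap = len(FILEMARKER) - 1
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            if FILEMARKER in window:
                return True
            tail = window[-overlap:]
    return False


def triage(root):
    """Walk root; return (marked files grouped by appended extension,
    marked files with no appended extension, files that could not be read)."""
    by_ext, no_appended, unreadable = defaultdict(list), [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if not has_filemarker(path):
                    continue
            except OSError:
                unreadable.append(path)
                continue
            ext = path.suffix.lower()
            if not ext or ext in ORDINARY_EXTENSIONS:
                no_appended.append(path)
            else:
                by_ext[ext].append(path)
    return dict(by_ext), no_appended, unreadable


if __name__ == "__main__":
    groups, odd, errors = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for ext, paths in sorted(groups.items()):
        print(f"{ext}: {len(paths)} marked file(s)")
    for p in odd:
        print(f"marker but no appended extension: {p}")
    print(f"{len(errors)} unreadable file(s)")
```

The script only reads files, so it can be run against a copy or a read-only mount of the affected volume.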