 STOP (Djvu) Ransomware

TSshuyina
post May 17 2022, 02:50 AM, updated 4y ago

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE
ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-2w6I3WpXEh
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
manager@time2mail.ch

Reserve e-mail address to contact us:
supportsys@airmail.cc

Your personal ID:
0478JIjdm3WyrirwICWLhJjYqDA60XthiKhEfVXdLRhiFzHeZ

PersonalID:
3WyrirwICWLhJjYqDA60XthiKhEfVXdLRhiFzHeZ


Emsisoft V1.0.0.5:
QUOTE
File: D:\Ipah\New folder (2)\Untitled-2.psb.ifla
Error: No key for New Variant online ID: 3WyrirwICWLhJjYqDA60XthiKhEfVXdLRhiFzHeZ
Notice: this ID appears to be an online ID, decryption is impossible


Hi All...help me with this djvu ransomware...PLEASE...it lock all my kids picture in my external HDD...please help me...just happen half of it i just upload already..another half all become .ifla...even after changing to .jpg .mp4 also cant open the file...help me pls...so sad...just my kids picture...why need so cruel...not rich either to pay RM4000 money to them..its 3 times my salary...so sad this guy making money like this....hope he die in cruel way....

please help me...i rather pay you all a bit than them..help me decrypt .ifla file...many thanks

This post has been edited by shuyina: May 17 2022, 02:50 AM
sHawTY
post May 17 2022, 07:44 AM

Frequent Reporter
********
All Stars
14,909 posts

Joined: Jul 2005

There's nothing you can do for unknown ransomware encryption but wait. If you're lucky, you will get a decryption key in the future but don't get your hopes up
Most decryption key is only released when the culprit is caught
But right now there's nothing you can do but move on from this and learn the lesson of not storing your important data in only 1 place
If you're unwilling to pay for cloud storage, store your important data in multiple storage. At least in 2 places

Run secure erase on your SSD/HDD then do a clean installation of Windows
TSshuyina
post May 17 2022, 08:35 AM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(sHawTY @ May 17 2022, 07:44 AM)
There's nothing you can do for unknown ransomware encryption but wait. If you're lucky, you will get a decryption key in the future but don't get your hopes up
Most decryption key is only released when the culprit is caught
But right now there's nothing you can do but move on from this and learn the lesson of not storing your important data in only 1 place
If you're unwilling to pay for cloud storage, store your important data in multiple storage. At least in 2 places

Run secure erase on your SSD/HDD then do a clean installation of Windows
*
yes..in hdd..in cloud and FB...but in my hdd is all picture...half of it not upload..just sorting yesterday to upload by folder..but yesterday when open pc..all file broken..so sad..i got no information important..just my child picture only...so dont have any tool to help me? recovery app? restore point? anything?
ihavenoidea
post May 17 2022, 08:36 AM

Regular
******
Senior Member
1,301 posts

Joined: Sep 2012
Stuff like this.. your best guess is to search guide in youtube
TSshuyina
post May 17 2022, 08:49 AM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(ihavenoidea @ May 17 2022, 08:36 AM)
Stuff like this.. your best guess is to search guide in youtube
*
im doing it from 8pm-4am yesterday..not much sleep either

what im doing:

-recovery using recuva - have picture but corrupt
-change extension from ".jpg.ifla" to ".jpg" also corrupt
-install spyhunter5, need 48hour wait because free version
-scan using malwarebyte done but nothing repair for file
-scan using 360 total security many time..nothing found virus anymore
-upload sample virus and readme
CODE
https://id-ransomware.malwarehunterteam.com/identify.php?case=b8b83d0a3b23d2b306a75500ec1578eb1bb89ccc

-using app decrypt_STOPDjvu.exe by emsisoft
CODE
Error: No key for New Variant online ID: 3WyrirwICWLhJjYqDA60XthiKhEfVXdLRhiFzHeZ
Notice: this ID appears to be an online ID, decryption is impossible

-run in safemode to scan virus
-using hijackthis from microtrend to delete suspicious .exe
-delete suspicious .exe in task manager
-disable/delete in task schedule

what need i do anymore? EaseUS Data Recovery Wizard not using because no have money to buy many program that i dont know will work or not...im doing it..not just sit down ask help..
YoungMan
post May 17 2022, 09:26 AM

Look at all my stars!!
*******
Senior Member
6,825 posts

Joined: Oct 2008
From: Kuala Lumpur



Whatever data recovery software is no use at the moment. Data recovery is to recover accidentally deleted data, not data encrypted by ransomware.
sHawTY
post May 17 2022, 09:29 AM

Frequent Reporter
********
All Stars
14,909 posts

Joined: Jul 2005

QUOTE(shuyina @ May 17 2022, 08:35 AM)
so dont have any tool to help me? recovery app? restore point? anything?
As mentioned earlier, for unknown ransomware encryption, there's nothing you can do
Not even paid software can help you with this

Pack all the infected files in ZIP/RAR then upload them to cloud storage for backup purposes
After that, secure erase all your SSD & HDD then proceed to install a clean Windows on the PC
TSshuyina
post May 17 2022, 09:47 AM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(YoungMan @ May 17 2022, 09:26 AM)
Whatever data recovery software is no use at the moment. Data recovery is to recover accidentally deleted data, not data encrypted by ransomware.
*
Maybe recover old picture?
TSshuyina
post May 17 2022, 10:35 AM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(sHawTY @ May 17 2022, 09:29 AM)
As mentioned earlier, for unknown ransomware encryption, there's nothing you can do
Not even paid software can help you with this

Pack all the infected files in ZIP/RAR then upload them to cloud storage for backup purposes
After that, secure erase all your SSD & HDD then proceed to install a clean Windows on the PC
*
so just zip all file and store in cloud? after that?
acbc
post May 17 2022, 10:38 AM

Look at all my stars!!
*******
Senior Member
9,050 posts

Joined: Jan 2003
What apps did u download or install until got ransomware inside?
TSshuyina
post May 17 2022, 11:02 AM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(acbc @ May 17 2022, 10:38 AM)
What apps did u download or install until got ransomware inside?
*
i dont install anything..just transfer movie from hp to laptop only..suddenly my movie .ifla...then i know all my item in hdd become .ifla....
sHawTY
post May 17 2022, 12:35 PM

Frequent Reporter
********
All Stars
14,909 posts

Joined: Jul 2005

QUOTE(shuyina @ May 17 2022, 10:35 AM)
so just zip all file and store in cloud? after that?
Nothing
As I said earlier, if you're lucky, there may be a decryption key in the future. But I can't stress this enough: Don't put your hopes up

Just proceed with my advice and move on. There's nothing you can do about recovering your files for now
TSshuyina
post May 17 2022, 12:52 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(sHawTY @ May 17 2022, 12:35 PM)
Nothing
As I said earlier, if you're lucky, there may be a decryption key in the future. But I can't stress this enough: Don't put your hopes up

Just proceed with my advice and move on. There's nothing you can do about recovering your files for now
*
Ok..upload all file to terabox

And try recovery external..maybe some pic left inside..that all i can do for now..dam u hacker...just my daughter pic also want ransom..for bitcoin money..god will punish later...

If someone know how to decrypt .ifla file..let me know..many thanks..so sad..cant view my daughter pic born..

This post has been edited by shuyina: May 17 2022, 12:53 PM
acbc
post May 17 2022, 01:02 PM

Look at all my stars!!
*******
Senior Member
9,050 posts

Joined: Jan 2003
QUOTE(shuyina @ May 17 2022, 11:02 AM)
i dont install anything..just transfer movie from hp to laptop only..suddenly my movie .ifla...then i know all my item in hdd become .ifla....
*
Impossible for any app to install itself unless u been downloading warez (pirated apps).

Anyhow, stop using the PC all together and wipe it clean. Alternatively, use Mac or Linux if u plan to browse suspicious sites.

Most malware are in EXE format and cannot execute on Mac or Linux.

In the future, separate the family computer to different machine.
TSshuyina
post May 17 2022, 03:06 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(acbc @ May 17 2022, 01:02 PM)
Impossible for any app to install itself unless u been downloading warez (pirated apps).

Anyhow, stop using the PC all together and wipe it clean. Alternatively, use Mac or Linux if u plan to browse suspicious sites.

Most malware are in EXE format and cannot execute on Mac or Linux.

In the future, separate the family computer to different machine.
*
dont know..i just copy from my friend movie only...no app install...for now before clean format..i need to backup all infected file to terabox 1st...maybe someday can recover the file...using tool or emsisoft decrypt app...after backup i delete all...can? for now im using 360 total security, malwarebyte, spyhunter5...my windows defender cant open anymore...disable by virus...so sad
PRSXFENG
post May 17 2022, 03:28 PM

Look at all my stars!!
*******
Senior Member
2,613 posts

Joined: Nov 2020


could have hidden files within that drive with movies

also, I don't think 360 is a good antivirus, consider Bitdefender or Kaspersky
TSshuyina
post May 17 2022, 06:59 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(PRSXFENG @ May 17 2022, 03:28 PM)
could have hidden files within that drive with movies

also, I don't think 360 is a good antivirus, consider Bitdefender or Kaspersky
*
Yeah both good but need pay...no free version
acbc
post May 17 2022, 06:59 PM

Look at all my stars!!
*******
Senior Member
9,050 posts

Joined: Jan 2003
QUOTE(shuyina @ May 17 2022, 06:59 PM)
Yeah both good but need pay...no free version
*
Good apps are never free, to begin with.

Even if free, many features will be disabled.
akhito
post May 17 2022, 07:02 PM

Enthusiast
*****
Junior Member
749 posts

Joined: Jul 2016


QUOTE(shuyina @ May 17 2022, 06:59 PM)
Yeah both good but need pay...no free version
*
bitdefender and kaspersky both also got free.
https://www.bitdefender.com/solutions/free.html
https://www.kaspersky.com/free-antivirus

This post has been edited by akhito: May 17 2022, 07:03 PM
acbc
post May 17 2022, 07:07 PM

Look at all my stars!!
*******
Senior Member
9,050 posts

Joined: Jan 2003
This is one nasty Trojan malware!

Read This.
TSshuyina
post May 17 2022, 08:28 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(acbc @ May 17 2022, 06:59 PM)
Good apps are never free, to begin with.

Even if free, many features will be disabled.
*
Yeah..true..hope someday i can afford it hehe

QUOTE(akhito @ May 17 2022, 07:02 PM)
Why i cant find it? Write free word already..just full version and need to register user to activate trial
TSshuyina
post May 17 2022, 08:30 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(acbc @ May 17 2022, 07:07 PM)
This is one nasty Trojan malware!

Read This.
*
Yeap..all about money..scam people for money..world now today..now recovery using easus data wizard..its that wondershare repairit better? Virus remove already..but still i want format it after recovery my hdd to cloud...now recovery all data..hdd 2tb..but recovery found 3.5tb haha..

This post has been edited by shuyina: May 17 2022, 08:33 PM
akhito
post May 17 2022, 08:31 PM

Enthusiast
*****
Junior Member
749 posts

Joined: Jul 2016


QUOTE(shuyina @ May 17 2022, 08:28 PM)
Yeah..true..hope someday i can afford it hehe
Why i cant find it? Write free word already..just full version and need to register user to activate trial
*
what do u meant i linked the website ald. both just need to register free acc to use with email
TSshuyina
post May 17 2022, 08:34 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(akhito @ May 17 2022, 08:31 PM)
what do u meant i linked the website ald. both just need to register free acc to use with email
*
Yeah..i search not found the free link version..just page to download normal or pro version with subscribe to activate...will download kaspersky n bitdefender for my pc...its there have for android version also?
akhito
post May 17 2022, 08:50 PM

Enthusiast
*****
Junior Member
749 posts

Joined: Jul 2016


QUOTE(shuyina @ May 17 2022, 08:34 PM)
Yeah..i search not found the free link version..just page to download normal or pro version with subscribe to activate...will download kaspersky n bitdefender for my pc...its there have for android version also?
*
antivirus just use one. else they will fight against each other.
android free version
https://www.kaspersky.com/android-security-free
https://www.bitdefender.com/solutions/antiv...or-android.html
TSshuyina
post May 17 2022, 10:24 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(akhito @ May 17 2022, 08:50 PM)
antivirus just use one. else they will fight against each other.
android free version
https://www.kaspersky.com/android-security-free
https://www.bitdefender.com/solutions/antiv...or-android.html
*
Ok..i used bitdefender for hp and laptop..thanks for advice
JonathanHanYT
post May 18 2022, 09:01 AM

Getting Started
**
Junior Member
114 posts

Joined: Nov 2021
From: Penang, Malaysia


Your BitDefender did not manage to block the ransomware before it spread? Ransomware won't simply attack your computer if you didn't do anything hanky pranky.

How ransomware spread and attack their victim?
1. Download and install illegal/pirated software/games
2. Browsing to video streaming websites (porn or non-porn)
3. Visiting to porn or illegal online gambling websites
4. Malicious email attachment or links thru email
5. Someone purposely inject the malware onto USB storage and share it to you
6. Someone on the same network got infected by the ransomware and it spread across network thru share folder

Basically, DJVU ransomware is not that new anymore and those file which encrypted by ransomware cannot be recover. Just forget it unless those data encrypted worth over 6 digits. There are many case that corporate paid to the ransomware creator but it didn't manage to decrypt back all files 100%.

This post has been edited by JonathanHanYT: May 18 2022, 09:06 AM
PRSXFENG
post May 18 2022, 10:14 AM

Look at all my stars!!
*******
Senior Member
2,613 posts

Joined: Nov 2020


QUOTE(shuyina @ May 17 2022, 08:30 PM)
Yeap..all about money..scam people for money..world now today..now recovery using easus data wizard..its that wondershare repairit better? Virus remove already..but still i want format it after recovery my hdd to cloud...now recovery all data..hdd 2tb..but recovery found 3.5tb haha..
*
Honestly I dont really use those software that shows up first in results like easeus, wondershare, etc...

because they just want to sell you their software

they generate many articles with a template like "How to fix [problem]"

the first few methods are hard and confusing, so you give up on those and download their software instead.
TSshuyina
post May 18 2022, 07:57 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(JonathanHanYT @ May 18 2022, 09:01 AM)
Your BitDefender did not manage to block the ransomware before it spread? Ransomware won't simply attack your computer if you didn't do anything hanky pranky.

How ransomware spread and attack their victim?
1. Download and install illegal/pirated software/games
2. Browsing to video streaming websites (porn or non-porn)
3. Visiting to porn or illegal online gambling websites
4. Malicious email attachment or links thru email
5. Someone purposely inject the malware onto USB storage and share it to you
6. Someone on the same network got infected by the ransomware and it spread across network thru share folder

Basically, DJVU ransomware is not that new anymore and those file which encrypted by ransomware cannot be recover. Just forget it unless those data encrypted worth over 6 digits. There are many case that corporate paid to the ransomware creator but it didn't manage to decrypt back all files 100%.
*
Not used bitdefender before..using 360 total security only
TSshuyina
post May 18 2022, 08:00 PM

Enthusiast
*****
Senior Member
890 posts

Joined: Nov 2006



QUOTE(PRSXFENG @ May 18 2022, 10:14 AM)
Honestly I dont really use those software that shows up first in results like easeus, wondershare, etc...

because they just want to sell you their software

they generate many articles with a template like "How to fix [problem]"

the first few methods are hard and confusing, so you give up on those and download their software instead.
*
Yeah they sold app..but i manage to get some picture using easus recovery..the problem is i recover 2tb hdd..but total size recover is 4tb..haha..where can i put those 4tb file..haha..all picture can view but not sorting in folder anymore
JonathanHanYT
post May 19 2022, 08:18 AM

Getting Started
**
Junior Member
114 posts

Joined: Nov 2021
From: Penang, Malaysia


QUOTE(shuyina @ May 18 2022, 07:57 PM)
Not used bitdefender before..using 360 total security only
*
Uninstall 360 Total Security. This China AV always secretly download and install something on your computer. My friend install it on his laptop before and after that found out got many tiny application installed and running on his laptop without his knowledge. I also installed it on my dad old laptop and it also install some plug-in and additional software onto the laptop. I working as IT in international school before, I got few student come to my office seek for help because the laptop becoming slower and I found out all of them running with this 360 Total Security. I help them remove it and clear the registry with CCleaner. After reboot, everything run smoother.
chocobo7779
post May 19 2022, 11:26 PM

Power is nothing without control
********
All Stars
14,674 posts

Joined: Sep 2010
edited

This post has been edited by chocobo7779: May 19 2022, 11:41 PM
chocobo7779
post May 19 2022, 11:36 PM

Power is nothing without control
********
All Stars
14,674 posts

Joined: Sep 2010
QUOTE(shuyina @ May 17 2022, 02:50 AM)
Emsisoft V1.0.0.5:
Hi All...help me with this djvu ransomware...PLEASE...it lock all my kids picture in my external HDD...please help me...just happen half of it i just upload already..another half all become .ifla...even after changing to .jpg .mp4 also cant open the file...help me pls...so sad...just my kids picture...why need so cruel...not rich either to pay RM4000 money to them..its 3 times my salary...so sad this guy making money like this....hope he die in cruel way....

please help me...i rather pay you all a bit than them..help me decrypt .ifla file...many thanks
*
First of all, please upload the ransom note and the encrypted file here:
https://id-ransomware.malwarehunterteam.com/

This will determine the type of ransomware you've been infected with

From the thread title, you said that it is a STOP (DJVU) ransomware - this is a very common form of ransomware, spread through pirated/cracked software, especially popular software such as Windows/Office/Adobe software suites/AutoCAD:

https://www.bleepingcomputer.com/news/secur...adware-bundles/


Note that ransomware attacks can be very devastating not just due to loss of important data; in many cases ransomware can bundle additional malicious software such as infostealers (information stealers) that can steal passwords and credentials of your online accounts such as email and online banking accounts, which can be used to take over or compromise your online accounts for more nefarious purposes
https://www.bleepingcomputer.com/news/secur...e-cryptominers/

You should change your passwords for all your online accounts on an uninfected machine, and enable 2 step verification (also known as 2 factor authentication, 2FA) if the online accounts support it. Enabling 2 factor authentication can significantly improve the security of your online accounts by requiring an additional authentication method, such as codes generated from a mobile app. This will prevent cybercriminals from accessing your account even if your password has been compromised in some way or another

You should also never try to pay the ransom, as cybercriminals are not obliged to give you the data back even if the ransom is paid (in fact this will further incentivize the ransomware author), see here:
https://www.bleepingcomputer.com/forums/t/4...-2#entry5109879

It is also possible that the encrypted data may not be recoverable, and if this occurs, your data should be considered permanently lost and you should restore them from a backup
Warning: you should only restore your data if your machine has been thoroughly disinfected, otherwise the ransomware can encrypt your backups


Now, you should try using ShadowExplorer and try to recover your files through Shadow Copy (a Windows feature that takes snapshots of files which can be used for file recovery). However this may not work as many ransomware often delete the snapshots to prevent any possible restoration of data:
https://www.bleepingcomputer.com/download/shadowexplorer/

There is a forum thread dedicated to assist DJVU ransomware victims, so it might be worth asking here instead:
https://www.bleepingcomputer.com/forums/t/6...-topic/page-753

QUOTE
File: D:\Ipah\New folder (2)\Untitled-2.psb.ifla
Error: No key for New Variant online ID: 3WyrirwICWLhJjYqDA60XthiKhEfVXdLRhiFzHeZ
Notice: this ID appears to be an online ID, decryption is impossible


From the forum thread:
QUOTE
Decryption of new STOP (Djvu) variants is impossible IF infected by an ONLINE KEY without paying the criminals for that victim’s specific private key...these keys are unique for each victim and randomly generated in a secure manner
Unless the cybercriminal responsible for the ransomware has been arrested by the police with the decryption key being released to the public, there's basically nothing you can do to get your data back. Make this a hard lesson that:
1. Never download pirated software as many ransomware tends to be bundled with cracked software
2. Never visit shady websites or websites offering links to pirated content
3. Use an adblocker; while the use of an adblocker is controversial as this can deprive the website owner of ad revenue, an adblocker will be useful against malicious advertising (malvertising) and sometimes it is considered an important security feature for modern web browsers
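
The online-versus-offline ID distinction discussed in this thread, as an added triage example that is not part of any post above and is not Emsisoft's code. It parses the ransom note and the decryptor output in the form quoted in the thread; the "t1" suffix rule for offline IDs and all function names are assumptions not stated in the thread.

```python
import re

# Assumption (public STOP/Djvu convention, not stated in the thread):
# offline IDs end in "t1"; any other ID was issued per victim (online).
OFFLINE_SUFFIX = "t1"
NOTE_ID_RE = re.compile(r"Your personal ID:\s*(\S+)")
LOG_ID_RE = re.compile(r"ID: (\S+)$")

# Sample input copied from the thread (ransom note excerpt, decryptor output).
SAMPLE_NOTE = """ATTENTION!
Don't worry, you can return all your files!
Your personal ID:
0478JIjdm3WyrirwICWLhJjYqDA60XthiKhEfVXdLRhiFzHeZ
"""
SAMPLE_LOG = r"""File: D:\Ipah\New folder (2)\Untitled-2.psb.ifla
Error: No key for New Variant online ID: 3WyrirwICWLhJjYqDA60XthiKhEfVXdLRhiFzHeZ
Notice: this ID appears to be an online ID, decryption is impossible
"""

# Assumed guidance: an offline key is shared by all victims of a variant,
# so a later decryptor update can help; an online key is unique per victim.
ACTIONS = {
    "online": "Archive encrypted files with the note and ID; no free decryption today.",
    "offline": "Archive files and re-run the decryptor after future key releases.",
    "mixed": "Handle files per ID; only the offline-ID files may become decryptable.",
    "unknown": "No ID found; confirm the ransomware family before anything else.",
}


def extract_note_id(note_text):
    """Return the ID printed under 'Your personal ID:' or None."""
    m = NOTE_ID_RE.search(note_text)
    return m.group(1) if m else None


def classify_id(personal_id):
    """Classify an ID as 'offline' or 'online' by its suffix."""
    return "offline" if personal_id.endswith(OFFLINE_SUFFIX) else "online"


def parse_decryptor_log(log_text):
    """Pair each 'File:' line with the ID on the 'Error:' line after it."""
    records, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("File: "):
            current = {"file": line[len("File: "):], "id": None}
            records.append(current)
        elif current is not None and line.startswith("Error:"):
            m = LOG_ID_RE.search(line)
            if m:
                current["id"] = m.group(1)
    return records


def triage(note_text, log_text):
    """Summarise key type and whether the note and log refer to the same ID."""
    note_id = extract_note_id(note_text)
    records = parse_decryptor_log(log_text)
    ids = {r["id"] for r in records if r["id"]}
    if not ids and note_id:
        ids = {note_id}
    kinds = {classify_id(i) for i in ids}
    key_type = "unknown" if not kinds else kinds.pop() if len(kinds) == 1 else "mixed"
    # In the thread's sample the decryptor prints the ID without the note's
    # leading characters, so the two are compared by suffix.
    ids_match = bool(note_id) and bool(records) and all(
        r["id"] and note_id.endswith(r["id"]) for r in records
    )
    return {
        "note_id": note_id,
        "files": [r["file"] for r in records],
        "key_type": key_type,
        "ids_match": ids_match,
        "action": ACTIONS[key_type],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_NOTE, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
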

chocobo7779
post May 19 2022, 11:38 PM

Power is nothing without control
********
All Stars
14,674 posts

Joined: Sep 2010
QUOTE(sHawTY @ May 17 2022, 07:44 AM)
There's nothing you can do for unknown ransomware encryption but wait. If you're lucky, you will get a decryption key in the future but don't get your hopes up
Most decryption key is only released when the culprit is caught
But right now there's nothing you can do but move on from this and learn the lesson of not storing your important data in only 1 place
If you're unwilling to pay for cloud storage, store your important data in multiple storage. At least in 2 places

Run secure erase on your SSD/HDD then do a clean installation of Windows
*
Even cloud storage may not help in this case because ransomware can encrypt the cloud folder of your PC, which will be synced to your account unless your cloud storage supports some form of versioning
FlierMate
post May 21 2022, 12:22 AM

On my way
****
Validating
543 posts

Joined: Nov 2020
QUOTE(shuyina @ May 17 2022, 08:30 PM)
Yeap..all about money..scam people for money..world now today..now recovery using easus data wizard..its that wondershare repairit better? Virus remove already..but still i want format it after recovery my hdd to cloud...now recovery all data..hdd 2tb..but recovery found 3.5tb haha..
*
Not long ago, a netizen come to programming board and ask for help, though I was skeptical of his request, might he use the program as ransomware to encrypt target's data?

QUOTE
I need to find the first 10 txt files in the directory with the executable file and encode them with the AES algorithm

I'm attaching the library

I would like variations for windows and for linux