Archived

This topic is now archived and is closed to further replies.

Aniket

Shouldn't ESET Internet Security prevent ransomware? Even though ESET Internet Security was installed on the computer, ransomware encrypted my files.

If you have your system protected against attackers logging in under an administrator account, then the protection against new malware (including ransomware) is excellent. However, if attackers can log in via RDP, pause protection and then run malware (ransomware) undetected, then the primary problem is in unsecured RDP.

Please contact samples[at]eset.com and provide:

- a handful of encrypted files (ideally Office documents)
- the ransomware note (payment info)
- logs collected with ESET Log Collector (ESET must be already installed, activated and updated prior to collecting logs).

Some additional important information:

Quote

In addition, the STOP-Djvu Ransomware does the following:

1) leaves behind a software module that steals personal information from browsers and other programs;
2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that help victims.

For these targets:

1) after checking and cleaning the PC, when it is confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $).
2) you need to reset or delete the modified hosts file; without it, all legitimate sites will be available to you.

The path to this file is: C:\Windows\System32\drivers\etc\

https://support.emsisoft.com/topic/31789-got-infected-by-gero-ransomware-file-need-decrypt/

Additionally, it appears this variant is not decryptable:

Quote

It's important to note that STOPDecrypter will not be able to help with this newer variant of STOP/Djvu. They've changed the encryption method they use, and STOPDecrypter doesn't support it.

 

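The hosts-file check described in the quoted advice above, as an added example that is not part of the original thread or any vendor's tool: it parses hosts-file text and reports every active mapping other than the default `localhost` one, marking entries that point a security vendor's site at a loopback or unspecified address. The function names, the watch list (built from the two vendor domains named in this thread) and the sample input are assumptions made for the example.

```python
import ipaddress

# Hostnames a stock hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}
# Assumption: watch list built from the vendor sites named in this thread.
WATCHED_SUFFIXES = ("eset.com", "emsisoft.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping line
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, ip, hostname, reason) for each non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        is_watched = any(name == s or name.endswith("." + s) for s in watched)
        if is_watched:
            reason = "security site blocked" if sinkholed else "security site redirected"
        elif sinkholed:
            reason = "host blocked"
        else:
            reason = "custom mapping"
        findings.append((line_no, str(ip), name, reason))
    return findings

# Constructed sample, not taken from an infected machine.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#	127.0.0.1       localhost
127.0.0.1 localhost
127.0.0.1 www.eset.com forum.eset.com   # appended entry
0.0.0.0	support.emsisoft.com
10.0.0.5 intranet.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To check a real machine, read the file named `hosts` in the directory given above and pass its text to `audit_hosts`; anything reported should be reviewed before the file is reset.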

Thank you, everyone, for replying.

Is there any possibility to recover those encrypted files?
 


Files encrypted by Filecoder.STOP cannot be decrypted; only some older variants can be.
