Aniket, posted August 30, 2019
Marcos (Administrator), posted August 30, 2019

If you have your system protected against attackers logging in under an administrator account, then the protection against new malware (including ransomware) is excellent. However, if attackers can log in via RDP, pause protection and then run malware (ransomware) undetected, then the primary problem is the unsecured RDP. Please contact samples[at]eset.com and provide:
- a handful of encrypted files (ideally Office documents)
- the ransomware note (payment info)
- logs collected with ESET Log Collector (ESET must already be installed, activated and updated prior to collecting logs).
itman, posted August 30, 2019

This is a new variant of STOP ransomware: https://twitter.com/demonslay335/status/1166760481786421248
itman, posted August 30, 2019 (edited August 30, 2019 by itman)

Some additional important information:

Quote:
In addition, the STOP-Djvu Ransomware does the following:
1) leaves behind a software module that steals personal information from browsers and other programs;
2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that help victims.
For these targets:
1) after checking and cleaning the PC, when it has been confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $).
2) you need to reset or delete the modified hosts file; without it, all legitimate sites will be available to you. The path to this file is: C:\Windows\System32\drivers\etc\
https://support.emsisoft.com/topic/31789-got-infected-by-gero-ransomware-file-need-decrypt/

Additionally, it appears this variant is not decryptable:

Quote:
It's important to note that STOPDecrypter will not be able to help with this newer variant of STOP/Djvu. They've changed the encryption method they use, and STOPDecrypter doesn't support it.
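A defender-side check for the hosts-file tampering described in the quoted text, as an added example that is not part of this thread or of any ESET or Emsisoft tool: it parses a hosts file and flags entries that pin security-vendor or help-site names, or that sinkhole any other name to a local address. The watch-list domains and the sample file contents are constructed for illustration.

```python
from pathlib import Path
from typing import List, Tuple

# Windows hosts file path, as given in the quoted advice above.
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")
# Constructed watch-list of security-vendor / help-site domains; extend as needed.
WATCHED_SUFFIXES = ("eset.com", "emsisoft.com", "bleepingcomputer.com", "nomoreransom.org")
# Addresses used to blackhole a name: loopback or the unspecified address.
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}
# Mappings a stock hosts file legitimately contains.
ALLOWED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        ip, *hosts = line.split()  # one IP may be followed by several names
        for host in hosts:
            entries.append((line_no, ip, host.lower()))
    return entries

def _watched(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(text: str) -> List[Tuple[int, str, str, str]]:
    """Flag entries that pin a security/help site, or sinkhole any other name."""
    flagged = []
    for line_no, ip, host in parse_hosts(text):
        if (ip, host) in ALLOWED:
            continue
        if _watched(host):
            flagged.append((line_no, ip, host, "security/help site pinned in hosts"))
        elif ip in SINKHOLE_IPS:
            flagged.append((line_no, ip, host, "name sinkholed to local address"))
    return flagged

def scan_hosts_file(path: Path = HOSTS_PATH) -> List[Tuple[int, str, str, str]]:
    return suspicious_entries(path.read_text(encoding="utf-8", errors="replace"))

# Constructed sample resembling a hosts file after the modification described above.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
0.0.0.0 www.eset.com          # AV vendor site blackholed
0.0.0.0 forum.eset.com
127.0.0.1 support.emsisoft.com
0.0.0.0 tracker.example       # sinkholed, not on the watch-list: still flagged
10.0.0.5 intranet.example     # ordinary admin-added mapping: not flagged
"""
```

Run `scan_hosts_file()` on the live machine (as administrator) to check the real file; any hit on the watch-list is a reason to reset the hosts file as the quoted advice says.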
Aniket (Author), posted September 2, 2019

Thank you everyone for replying. Is there any possibility to recover those encrypted files?
Marcos (Administrator), posted September 2, 2019

Files encrypted by Filecoder.STOP cannot be decrypted; only some older variants can be.