I have Ransomware virus. what can I do?

[haithamm2023 0]

I have ((Ransomware virus)) all of my Date change extinction to  ((  QAZX  ))

what can i do and this unit virus not support to clean or remove this ...!!!??

pls any body can tell me what can i do to retrieve my data.?

 

My pleasure

thanks

 

[Marcos 5,273]

Please provide:
- logs collected with ESET Log Collector
- a handful of encrypted files (ideally Office documents)
- the ransomware note with payment instruction.

[itman 1,748]

You're infected with:

Quote

If you cannot open your images, documents, or files and they have a .qazx extension, then your computer is infected with the STOP/DJVU ransomware.

As noted in this removal guide: https://malwaretips.com/blogs/remove-qazx-ransomware-virus/ , recovery of your encrypted files is questionable.

Edited March 17, 2023 by itman

[safety 8]

On 3/15/2023 at 6:49 PM, haithamm2023 said:

I have ((Ransomware virus)) all of my Date change extinction to  ((  QAZX  ))

If the ransom note has the name _readme.txt, then it is most likely Filecoder.STOP, decryption is possible if encryption could happen with an offline key.

Quote

New Version: The newest extensions released around the end of August 2019 AFTER the criminals made changes....starting with .coharos (v146) were never supported by STOPDecrypter.  However, OFFLINE IDs/KEYS for some newer variants have been obtained by Emsisoft and uploaded to their server. This is possible after a victim pays the ransom, receives a private key from the criminals and shares (donates) that key with the Emsisoft Team. ONLINE KEYS are UNIQUE for each victim and just like older versions, they are randomly generated in a secure manner and are impossible to decrypt without paying the ransom which is not advisable. Since ONLINE KEYS are unique and random for each victim, they cannot be shared or re-used by other victims. 

https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-djvu-puma-promo-support-topic/

 

[el el amiril 0]

@haithamm2023 did you check your eset ransomware protection?

[itman 1,748]

2 hours ago, el el amiril said:

@haithamm2023 did you check your eset ransomware protection?

Assumed is the OP did not have Eset installed when he was infected with ransomware. If Eset was installed, he would be "ranting" how Eset didn't detect it.

[Marcos 5,273]

I've just come across a case where the user downloaded a KMS "activator":

27. 3. 2023 20:33:45    Real-time file system protection    file    D:\SOFT  WIN10\Ofimatika\Office Professional Plus 2021 AIO 2 In 1 - 2202 (build 14931.20132) - Ita (23 Aprile 2022) by GRISU\Activator_KMS_VL_ALL_AIO\KMS_VL_ALL_AIO.exe    Win32/Filecoder.Crysis.P trojan    cleaned by deleting   Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (6DAB8C3822A0CAB5B621FD2B7F16AEBB159BCB56).  

Because it was detected and ESET allegedly prevented it from running, he paused protection, thinking that activation will succeed then. Instead the ransomware was run and encrypted files.

[LesRMed 23]

50 minutes ago, Marcos said:

Because it was detected and ESET allegedly prevented it from running, he paused protection, thinking that activation will succeed then. Instead the ransomware was run and encrypted files.

Some people are their own worst enemy.

[itman 1,748]

28 minutes ago, LesRMed said:

Some people are their own worst enemy.

I was just going to post the same. I will also add;

1. You are performing illegal activity.

2. The method used to perform the illegal activity is one that has been of late repeatedly publicly commented on as having a high likelihood of infecting your PC with malware.

3. You disable your security protection to allow the method to run unimpeded.

Finally, you expect your security vendor to assist you in correcting the situation. I say ........... not!

Edited March 29, 2023 by itman