Assigned I need someone to help me to decrypt efdc files

This thread is being handled by a member of the staff.
Status
Not open for further replies.

diufung

New Member
Thread author
Sep 13, 2021
7
My PC was affected by the efdc ransomware on last Monday. I tried any tools and software to recovery my files, however it's unsuccessful.
Now, I would like to ask everyone, who can help me to recovery my files as soon as possible. I'm so confused because my important files are encrypt at this moment.

Thanks for everyone noted and reply.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Hello diufung

I am Karsten and will help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

The file extension .efdc has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used. For variants with an online key you cannot decrypt but repair certain file types.

Please upload an encrypted file and a ransom note to id-ransomware to confirm that it is indeed STOP/DVJU ransomware. Tell me the result.
 

diufung

New Member
Thread author
Sep 13, 2021
7
hi Karsten, thank you for your replying.
I would like to know the further action to repair my JPG, Microsoft word and excel, zip files. Could you mind to help me?
Thank you so much.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
I need to identify the ransomware first. Can you please tell me the result of id-ransomware OR your personal ID that is in the ransom note (if there is any)?
 
  • Like
Reactions: Vitali Ortzi

diufung

New Member
Thread author
Sep 13, 2021
7
I need to identify the ransomware first. Can you please tell me the result of id-ransomware OR your personal ID that is in the ransom note (if there is any)?
Can I text you by email or IG? Or I post the id ransomware in this post? Thanks Karsten
 

diufung

New Member
Thread author
Sep 13, 2021
7
hi Karsten, I sent a text to you in last week. Did you received?
I checked the ID is Stop ransomware which the ID is still in online.
Additionally, I would like to know how to turn the ID from online to offline?
How can I repair my jpg files and videos? Thanks!
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Hello diufung.

I did not receive anything last week. I do not get any notifications if someone uploads to id-ransomware. It is just a service website.
Based on your DM today you have confirmed STOP/DJVU ransomware encrypted with an online key.

Changing the ID to an offline ID will not help you. The ID is just a way for the attacker to find the correct key that belongs to your files only. If the wrong one is used, e.g. because you changed your ID manually, your files are still not decrypted. Similar, if you have the key to your neighbors house, you cannot open your own house with it. Your need the key to your house.

Your options without a backup:

1) Recovery: In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software.
2) Repair: Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will loose some data.
3) Wait: Backup encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
4) Pay: There is the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

I can assist you with step 1 and 2. But be aware that chances of success are pretty low.
 

diufung

New Member
Thread author
Sep 13, 2021
7
Hello diufung.

I did not receive anything last week. I do not get any notifications if someone uploads to id-ransomware. It is just a service website.
Based on your DM today you have confirmed STOP/DJVU ransomware encrypted with an online key.

Changing the ID to an offline ID will not help you. The ID is just a way for the attacker to find the correct key that belongs to your files only. If the wrong one is used, e.g. because you changed your ID manually, your files are still not decrypted. Similar, if you have the key to your neighbors house, you cannot open your own house with it. Your need the key to your house.

Your options without a backup:

1) Recovery: In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software.
2) Repair: Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will loose some data.
3) Wait: Backup encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
4) Pay: There is the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

I can assist you with step 1 and 2. But be aware that chances of success are pretty low.

Understood. I only want to recover my photos and videos. A majority of these files were zipped.
I mean If I repair the zip files, which can save my important files.
However, I tried so many repair software, I cannot repair my photos, videos and zip files.
Could you mind to help me? Thanks for your help, Karsten
You are a good guy.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Could you send me one of the ZIP files? I would like to try something. I will PM you an email address if needed.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
In posted this as DM and I am re-posting it here because the info might be important for others too.

You can decompress ZIP archives that were encrypted by STOP ransomware, as long as they are fairly big. Only the first entries will be encrypted, the others should decompress just fine.
Small ZIP archives cannot be recovered, though.

I recommend to use 7zip because other software might not be as fault-tolerant.

Right-click on your file
Click on 7-zip.
Click on Extract here.

rightclick_archive.png


After that you will see a screen like this one:

extract.png

Note that some of the contained files cannot be extracted (those are shown as Headers Error here). These are in the STOP encrypted portion of the archive.
 
  • Like
Reactions: Gandalf_The_Grey
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top