Is this a new Djvu? extension .ribd

oraculo1

New Member
Feb 27, 2021
2
Today i've infected probably with a new Djvu version.
I've tried with Stop Djvu decryptor but nothing. In the web where says to upload the message (readme from encrypters) and one file, says i can use the tool, but does not work. May be an online ID?

This is the readme content:
"
ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
helpteam@mail.ch

Reserve e-mail address to contact us:
helpmanager@airmail.cc

Your personal ID:
0284oPsw3IcTwAeCZsHjJVUUtPaB6IAz6vNeS050UksNcl9Mn"

And extension added is .ribd

Any ideal please?

Thanks,
 

icotonev

Moderator
Verified
Staff member
Mar 9, 2017
200
Hello, Welcome to MalwareTips..! :)

Navigate to this topic.


Submit a sample of the compromised files for their review.
They will reply and let you know what you are dealing with.

Tell me the result...!


Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.


  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 
  • Like
Reactions: upnorth

oraculo1

New Member
Feb 27, 2021
2
Hello, Welcome to MalwareTips..! :)

Navigate to this topic.


Submit a sample of the compromised files for their review.
They will reply and let you know what you are dealing with.

Tell me the result...!


Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.


  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
Hi,

I've just did yesterday ID Ransomware ask. It says:

STOP (Djvu)​

Por favor, consulte la guía apropiada para obtener más información.​


Identificado por

  • ransomnote_filename: _readme.txt
  • ransomnote_email: helpmanager@airmail.cc
  • sample_extension: .ribd
  • sample_bytes: [0x2D879D - 0x2D87C3] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
I dwonloaded and passes STop Djvu Decryptor and infection goes out (also passes malwarebytes as they says)
But seems it's no possible decrypt files beacuse has an online key, and i don´t know or i don´t have paired files.
 

Attachments

  • Addition.txt
    76.5 KB · Views: 8
  • FRST.txt
    54.6 KB · Views: 8
  • Like
Reactions: upnorth
Top