Need help decrypt file .OPQZ

Status
Not open for further replies.

Rubik

New Member
Thread author
Mar 29, 2020
2
My file important have been encryption by OPQZ Virus
I search internet download Emsisoft Decryptor for STOP Djvu Ransomware but run error :

File: C:\Users\[removed]\Desktop\New folder\HG\Camera\IMG20151003121036.jpg.opqz
No key for New Variant offline ID: zmgd82h65FItjbl56ff6P5GS3sZpZ1qEEGUOW6t1
Notice: this ID appears to be an offline ID, decryption MAY be possible in the future

Everybody can help me, please. Thks so much!

p/s: ransom note: _readme.txt

Your personal ID:
[removed]
 

Attachments

  • _readme.txt
    1.1 KB · Views: 4
  • Like
Reactions: JocSantos

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,418
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest you submit a sample of a compromised file to ID Ransomware.
Or if available submit a sample of the ransom and payment information.

Follow the instructions on this page.

They will advise you if these compromised files can be restored.
 

Rubik

New Member
Thread author
Mar 29, 2020
2
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest you submit a sample of a compromised file to ID Ransomware.
Or if available submit a sample of the ransom and payment information.

Follow the instructions on this page.

They will advise you if these compromised files can be restored.
Result after check this site your advice:
1 Result
STOP (Djvu)
This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by
  • ransomnote_email: helpmanager@xxxmail.ch
  • sample_extension: .opqz
  • sample_bytes: [0xD134 - 0xD15A] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D

Click here for more information about STOP (Djvu)

But i run this software not success :(
 
Last edited by a moderator:

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,418
Hi,

Unfortunately, this tool will not work for every victim as it can only recover files encrypted by 148 of the 160 variants

Your version of the malware is possibly a new variant will not work.

Read this message from Emissoft.

Quoted from the link.

Mariano Andersson Guest • 5 days ago • edited
Hello im in Argentina i was infected from djvu opqz...i can send you a file rar containing the original and encrypted file, can you help me?
Regards

1

Reply

Share ›
Avatar
David Biggar Mod Mariano Andersson • 4 days ago
That is a newer STOP(Djvu) extension, and file pairs will not help to decrypt. There is hope if your files were encrypted and you were issued an offline ID, but it is currently impossible to decrypt newer STOP(Djvu) without the criminal's encryption key used on your files. Of course we never recommend paying the ransom unless there is absolutely no other choice.

All I can suggest is that your save the compromised files on a Flash disk and hope that a decryptor is found in the future.

Your only option at this time to recover you file is if you have a backup of your files saved some where.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top