Ransomware attack on my pc

Adwaith

New Member
Thread author
May 24, 2021
5
Yesterday I noticed that a software is encrypting some of my photos and documents with the .nusm extension. Later, when I googled, I came to know that it is ransomware (my system is running Windows 7). After some of my files were encrypted, I tried to end the task in Task Manager, but after some time it automatically started again and continued to decrypt my files. So I quickly turned off my computer. Until I turned off my computer, I didn't get any message asking for ransom. How can I recover my files?

1. Will a clean installation of Windows remove the ransomware? I don't care about the C drive; my important data are in other partitions. Do I need to completely format my disk? 😭
2. Can you guys help me to decrypt my files?
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello Adwaith

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

1. Will a clean installation of Windows remove the ransomware? I don't care about the C drive; my important data are in other partitions. Do I need to completely format my disk? 😭

The ransomware is most likely not on your system anymore. It tends to delete itself after encrypting all files. However, it is still recommended to clean your system because ransomware is often accompanied by other malware.
A clean installation works perfectly for that. To prevent further infections, I highly suggest installing Windows 10, though. Windows 7 does not get security updates anymore, which makes it a heaven for malware to thrive in.

2. Can you guys help me to decrypt my files?

The file extension .nusm has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used. For variants with an online key you cannot decrypt but repair certain file types. In most cases the files are not decryptable.

Please upload an encrypted file and a ransom note to id-ransomware to confirm that it is indeed STOP/DJVU ransomware. Tell me the result.
 

Adwaith

First off, thanks for your reply.

Yes, it is STOP/DJVU ransomware. It has not fully encrypted my data. As soon as it started to encrypt, I quickly unplugged my Ethernet cable and shut down my computer.

Now I am thinking about reinstalling Windows 10, and not deleting my partitioned drives (drives E and D) that have my data. By doing this, can I remove the malware and recover my data? If so, which software would you suggest? I also have one more question:

Is there a possibility of the malware affecting my network?
 

struppigel

I would like to estimate the infection status of your system first before I answer your questions. Generally this ransomware does not spread via the network. But it could have arrived with other malware.
Please run the following diagnostic scan.

Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool and save the file to your Desktop. (Note: choose the right version, 64 or 32 bit, for your operating system, only one will run)
  • Double-click FRST64.exe to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach both logs in your next reply.
 

Adwaith

When I power on my PC, the malware is encrypting more and more files.
 

struppigel

My bad, I wasn't aware you didn't turn it on since.
Please create a backup of your files.

You will need either a DVD burner and a DVD or a USB flash drive that you can turn into a bootable device.
Do you have any of those?

Download the ISO for this backup software:
Use the ISO to create either DVD or bootable USB flash drive

Instructions to burn an ISO image on DVD (I am not sure what operating system you have, let me know if you need something else):

Instructions to create a bootable USB flash drive:
 

Adwaith

I have a bootable USB containing Windows 10. As per your advice, my plan is to install Windows 10 and not to remove my existing data partitions (disks E and D). After the installation I prefer to install a malware removal tool and after that take the necessary steps to decrypt the files using software like PhotoRec etc.

Will this method work? Also, I admire your patience in answering my questions. 😊
 

struppigel

There is a slight risk that there is other malware on your system which may have infected files on your partitions E and D (STOP ransomware does not do this, but oftentimes an infected system has more malware than just one).
Hence, my idea was to back up those partitions and delete the complete hard drive.

However, we can also do it your way. You reinstall Windows while deleting your system partition but leaving partitions E and D the way they are.
Do not click on any of the files on those partitions, do not run them.

When you are done re-installing Windows, we should definitely look for potential remaining infections on those drives.
Post back here when you are ready.
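
The advice above is to leave the files on partitions E and D unopened until they have been checked. As an added example (not part of the original thread, and not a tool provided by the helper), this Python script inventories such a partition from directory listings alone: how many files carry the `.nusm` extension, grouped by original type, and which intact files are of a runnable type that a scanner should examine. The list of runnable extensions, the assumption that `.nusm` is appended to the original file name, and the sample tree are constructed for this example.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".nusm"  # extension reported in this thread
# Assumption: extensions that can carry code and should be scanned, never opened.
RUNNABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".lnk"}


def triage(root):
    """Classify files under root by name only; nothing is opened or executed."""
    report = {"encrypted": Counter(), "intact": 0, "runnable": [], "unreadable": []}

    def on_error(err):  # directories that cannot be listed are recorded, not hidden
        report["unreadable"].append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ENCRYPTED_EXT:
                # Assumption: the extension is appended, e.g. photo.jpg.nusm
                original = os.path.splitext(stem)[1].lower() or "(none)"
                report["encrypted"][original] += 1
                continue
            report["intact"] += 1
            if ext.lower() in RUNNABLE_EXTS:
                report["runnable"].append(os.path.join(dirpath, name))
    report["runnable"].sort()
    return report


def build_sample(root):
    """Constructed sample tree standing in for a data partition (empty files)."""
    names = ["photos/a.jpg.nusm", "photos/b.JPG.nusm", "photos/c.jpg",
             "docs/cv.docx.nusm", "docs/notes.txt", "tools/setup.exe", "README.NUSM"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print("encrypted by original type:", dict(result["encrypted"]))
        print("intact:", result["intact"], "| to scan:", result["runnable"])
```

On a real system, `triage` would be pointed at the root of the data partition from the freshly installed Windows, and the `runnable` list handed to the scanner.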
 