Assigned STOP/DJVU ransomware .cuag

This thread is being handled by a member of the staff.
Status
Not open for further replies.

Andyrif

New Member
Thread author
Feb 8, 2022
4
My computer was infected with a virus less than 48 hours ago, which changed all of my files to ".cuag," which I tried to recover in many ways but failed to do because it was an online variation of ransomware. Can someone assist me in regaining access to my files?
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

The file extension .cuag has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used. For variants with an online key you cannot decrypt but repair certain file types.

Please upload an encrypted file and a ransom note to id-ransomware to confirm that it is indeed STOP/DJVU ransomware. Tell me the result.
 

Andyrif

New Member
Thread author
Feb 8, 2022
4
Hi, thanks for answering.

I've uploaded the file to find out as you said, and I've also done as suggested, but to no avail because it asks for offline decrypt.
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
656
Unfortunately your variant of STOP ransomware encryption cannot be decrypted without a key.

Your options without a backup:

1) Recovery: If you got ZIP archives that were encrypted by STOP, you can still retrieve parts of their contents. If you use file cloud services like Dropbox or OneDrive, those provide a file version history and might be able to restore previous versions of your files.
In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software.
2) Repair: Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will lose some data.
3) Wait: Backup encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
4) Pay: There is the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

Please let me know if you want assistance in any of the mentioned options above.

Furthermore, I recommend that you apply STOP vaccine to prevent future STOP infections from encrypting your files.
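
An added example, not part of the reply above or of any tool it names: a read-only triage of a drive that sorts each `.cuag` file into the option from the list that applies to it (ZIP recovery, media repair, or wait) and records a SHA-256 so the backup kept for option 3 can be verified later. The ransom note name `_readme.txt`, the extension sets and the function names are assumptions made for this sketch.

```python
import hashlib
import os

ENCRYPTED_EXT = ".cuag"    # extension reported in this thread
NOTE_NAME = "_readme.txt"  # assumption: usual STOP/DJVU note name, not stated in the thread
# Assumption: illustrative extension sets, not an official list of repairable types.
ARCHIVE_EXTS = {".zip"}
MEDIA_EXTS = {".mp4", ".mov", ".avi", ".mkv", ".mp3", ".wav", ".m4a"}


def classify(filename):
    """Map an encrypted file name to one of the options in the reply, or None."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() != ENCRYPTED_EXT:
        return None                      # not renamed by this variant
    original_ext = os.path.splitext(stem)[1].lower()
    if original_ext in ARCHIVE_EXTS:
        return "recovery"                # option 1: partial ZIP contents
    if original_ext in MEDIA_EXTS:
        return "repair"                  # option 2: media repair tools
    return "wait"                        # option 3: keep until a key appears


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large media files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Walk root without modifying anything; return (records, ransom_note_paths)."""
    records, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)       # keep the note with the backup
                continue
            option = classify(name)
            if option:
                records.append({"path": path, "option": option,
                                "size": os.path.getsize(path),
                                "sha256": sha256_of(path)})
    return records, notes
```

Call `triage()` on the root of the affected drive from a clean system and store the returned records next to the backup; comparing the hashes later confirms the encrypted copies are unchanged.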
 

Andyrif

New Member
Thread author
Feb 8, 2022
4
1. Unfortunately I don't have a copy of the file in the cloud service.

2. I just tried it but failed.

3. If possible, I can wait. But I hope to always get updates from here.

4. No! I will never want to pay.

A little information, all the files that are encrypted are on an external hard drive, but on my device they are all safe. But I have reset my laptop to initial settings (not reinstall Windows). Possibly all viruses are now gone, because I have scanned regularly and repeatedly using Windows Defender and Kaspersky Total Security. Now, my laptop is running normally, only the external hard drive and all its contents are still a problem for me.
 