yesterday my laptop infected usam file/ransomware

Status
Not open for further replies.
T

TLsoundsystem

New Member
Thread author
Jun 22, 2020
5
hi , yesterday my laptop infected usam file/ransomnote

have tried the STOP Djvu decryptor by Emisoft but it seems like its not working.

On every single file i'm getting this repsonse

please help me recovering .usam file



No key for New Variant online ID: mHsMMaDXIQqeA5vPWllaEGYI8FnwNKnW6m5FTUoa

Notice: this ID appears to be an online ID, decryption is impossible

Is there any way you could help me fix it? Thanks in advance!
 
  • Like
Reactions: upnorth
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello TLsoundsystem

I am Karsten and specialized in ransomware. The Emsisoft tool is spot on with the description. Your system was infected by STOP ransomware and the kind of encryption is not decryptable by anyone else than the criminals. That means there is no tool that will help you decrypt your files without a key.

Please be aware that there are currently also fake decrypters for STOP ransomware which will encrypt files a second time. If anyone claims they have a decrypter for STOP, do NOT trust them.

Your options now:

1) In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software.
2) Backup your encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
3) There is of course always the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

Please let us know if you have any questions or if you need anything else.
 
Last edited:
  • Like
Reactions: amico81, Vitali Ortzi, Gandalf_The_Grey and 1 other person
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello. I have some good news.

There is a tool that can repair some audio and video files encrypted by STOP ransomware.
Please note that repairing is not the same as decrypting. Some data is still lost, so only certain file formats can be repaired.

You will need a pair of encrypted and non-encrypted file for reference. Do you have such a pair of files?

Please reply back if you are still with me and want to try this. Then I will guide you through to the process.
 
  • Like
Reactions: Gandalf_The_Grey
T

TLsoundsystem

New Member
Thread author
Jun 22, 2020
5
struppigel said:
Hello. I have some good news.

There is a tool that can repair some audio and video files encrypted by STOP ransomware.
Please note that repairing is not the same as decrypting. Some data is still lost, so only certain file formats can be repaired.

You will need a pair of encrypted and non-encrypted file for reference. Do you have such a pair of files?

Please reply back if you are still with me and want to try this. Then I will guide you through to the process.
Click to expand...
How to repair .my file sir? Help me if you can
 
  • Like
Reactions: Gandalf_The_Grey
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
The tool can repair 6 file types: MP3, WAV, MP4, MOV, M4V, 3GP
If you have such files encrypted by STOP ransomware, download and run MediaRepair.

For most file types, you need a reference file, that is a non-encrypted file of the same file format as the encrypted ones. Video files will need this reference file. File types like MP3 do not need one.
  1. Run MediaRepair.
  2. Select a file type
  3. Navigate to the folder with your encrypted files.
  4. Now select one of your encrypted files and click on the Test
    television_test.png
    button     to check if the file can be repaired (see image below to find the button)
    • Note: If the program tells you at this point that it cannot repair these files, abort and continue with another file type.
  5. Now select a reference file that is not encrypted and has the same file type and click on the Select Reference
    folder_video.png
    button (see image below).
    • Note: If you have several reference files, prefer the smallest.
  6. Select the encrypted files you want to repair and click on the Play
    control.png
    button (below the file types) to start repair.
  7. Now wait for the program to finish.
  8. Navigate to your encryped files, you should find a folder named FIXED in there. This folder contains your repaired files.
Please report back to me when you are done.
media_repair_btns.png
 
  • Like
Reactions: CyberTech and Gandalf_The_Grey
T

TLsoundsystem

New Member
Thread author
Jun 22, 2020
5
struppigel said:
The tool can repair 6 file types: MP3, WAV, MP4, MOV, M4V, 3GP
If you have such files encrypted by STOP ransomware, download and run MediaRepair.

For most file types, you need a reference file, that is a non-encrypted file of the same file format as the encrypted ones. Video files will need this reference file. File types like MP3 do not need one.
  1. Run MediaRepair.
  2. Select a file type
  3. Navigate to the folder with your encrypted files.
  4. Now select one of your encrypted files and click on the Test
    television_test.png
    button     to check if the file can be repaired (see image below to find the button)
    • Note: If the program tells you at this point that it cannot repair these files, abort and continue with another file type.
  5. Now select a reference file that is not encrypted and has the same file type and click on the Select Reference
    folder_video.png
    button (see image below).
    • Note: If you have several reference files, prefer the smallest.
  6. Select the encrypted files you want to repair and click on the Play
    control.png
    button (below the file types) to start repair.
  7. Now wait for the program to finish.
  8. Navigate to your encryped files, you should find a folder named FIXED in there. This folder contains your repaired files.
Please report back to me when you are done.
media_repair_btns.png
Click to expand...
sir can u help me to repaiir my ableton / my software for produce music file ?
 
T

TLsoundsystem

New Member
Thread author
Jun 22, 2020
5
struppigel said:
The tool can repair 6 file types: MP3, WAV, MP4, MOV, M4V, 3GP
If you have such files encrypted by STOP ransomware, download and run MediaRepair.

For most file types, you need a reference file, that is a non-encrypted file of the same file format as the encrypted ones. Video files will need this reference file. File types like MP3 do not need one.
  1. Run MediaRepair.
  2. Select a file type
  3. Navigate to the folder with your encrypted files.
  4. Now select one of your encrypted files and click on the Test
    television_test.png
    button     to check if the file can be repaired (see image below to find the button)
    • Note: If the program tells you at this point that it cannot repair these files, abort and continue with another file type.
  5. Now select a reference file that is not encrypted and has the same file type and click on the Select Reference
    folder_video.png
    button (see image below).
    • Note: If you have several reference files, prefer the smallest.
  6. Select the encrypted files you want to repair and click on the Play
    control.png
    button (below the file types) to start repair.
  7. Now wait for the program to finish.
  8. Navigate to your encryped files, you should find a folder named FIXED in there. This folder contains your repaired files.
Please report back to me when you are done.
media_repair_btns.png
Click to expand...
i was try this but media pair said " i can not repair shot by this devies "
 
T

TLsoundsystem

New Member
Thread author
Jun 22, 2020
5
struppigel said:
The tool can repair 6 file types: MP3, WAV, MP4, MOV, M4V, 3GP
If you have such files encrypted by STOP ransomware, download and run MediaRepair.

For most file types, you need a reference file, that is a non-encrypted file of the same file format as the encrypted ones. Video files will need this reference file. File types like MP3 do not need one.
  1. Run MediaRepair.
  2. Select a file type
  3. Navigate to the folder with your encrypted files.
  4. Now select one of your encrypted files and click on the Test
    television_test.png
    button     to check if the file can be repaired (see image below to find the button)
    • Note: If the program tells you at this point that it cannot repair these files, abort and continue with another file type.
  5. Now select a reference file that is not encrypted and has the same file type and click on the Select Reference
    folder_video.png
    button (see image below).
    • Note: If you have several reference files, prefer the smallest.
  6. Select the encrypted files you want to repair and click on the Play
    control.png
    button (below the file types) to start repair.
  7. Now wait for the program to finish.
  8. Navigate to your encryped files, you should find a folder named FIXED in there. This folder contains your repaired files.
Please report back to me when you are done.
media_repair_btns.png
Click to expand...
are u there? see this my mediarepair.log , the wav file still cannot play or upload
 

Attachments

  • Media_Repair.log
    423 bytes · Views: 1
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello TLsoundsystem

Please give me some time for answering to you. This is not my job, me and the other helpers in this forum are doing this on their free time ;)

Let's try another tool. But be aware that this might not be successful either.
  • Please download PhotoRec, choose Windows 64-bit from that list.
  • Right-click on the testdisk-7.1.win64.zip archive and click Extract all.
  • Now navigate into the extracted folder and run qphotorec_win.exe
  • Select your Hard Disk from the list.
  • Make sure that FAT/NTFS/HFS+/ReiserFS is selected
  • Choose a destination for your recovered files by clicking on the "Browse" button
  • Now click "Search" and the tool will start recovering. Wait for it to finish, then click Quit
You will find recovered files in the selected destination folder.
If you had any external drives encrypted, you may try the same on them.

Please tell me if this worked for you.
 
  • Applause
Reactions: Gandalf_The_Grey
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello TLsoundsystem
I haven't heard anything of you in the last 4 days. Please let me know if you still require help.
I will close this thread in 2 days if I don't hear back from you so I can take the time to help others.
 
Status
Not open for further replies.

Similar threads

L
  • Locked
cdcc ransomware
Replies
2
Views
807
Inactive Support Threads
icotonev
icotonev
Claus
  • Locked
QQKK extension
Replies
2
Views
280
Windows Malware Removal Help & Support
Claus
Claus
R
    • Like
  • Locked
Need help to decrypt encrypted file by ransomware
Replies
1
Views
1,023
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top