This topic contains 1 reply, has 2 voices, and was last updated by agski 1 month ago.
June 19, 2021 at 3:23 am #399956
This morning, I received a call from my sister, who informed me that her computer had been attacked by ransomware, and that a payment of $700/$490 (within 72 hours) was needed for the key. I was able to trace down the .exe malware that was used to spread the virus; through analysis I was able to remove it all, but the files were still encrypted with the extension IQLL. I’ve tried a few things (Safe mode, Photorec, Reset PC, Emsisoft, and so on), but none of them have worked so far. Is there anyone who knows how to decrypt these files legitimately?
June 19, 2021 at 3:23 am #399957
If you send me the file I can try and see if there’s a free decryptor, or you can look and see if she has shadow copies enabled. I can also check if there are flaws in their encryption implementations, but chances are it’s gonna be a lesson learned.
June 19, 2021 at 3:23 am #399958
Try to identify the ransomware group, and see if any of these can help you out. Good luck. [nomoreransom](https://www.nomoreransom.org/en/index.html)
June 19, 2021 at 3:23 am #399959
The data is gone. Restore from backup or recreate. If neither of these is an option, the data is truly gone.
It is mathematically infeasible to defeat modern encryption without there being some flaw in the attacker’s methods. With ransomware as a service, flawed attacks are quickly weeded out.
I apologize if this is disheartening. But it is the truth in the overwhelming majority of cases.
Your only hope is that legitimate law enforcement seizes the bad actors’ assets and releases the private keys. Again this is mathematically unlikely. Like winning the lottery unlikely.
June 19, 2021 at 3:23 am #399960
I did some Google research based on the extension you mentioned. The ransomware appears to be called STOP (Djvu) and it’s a new variant from 2019 onward. From the article mentioned [here](https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/?fromsearch=1) you will need the offline keys to try and decrypt but it’s not guaranteed.
June 19, 2021 at 3:23 am #399961
I feel compelled to ask, and please don’t share more info than you’re comfortable with but: is there a reason she was targeted? High profile or totally random?
June 19, 2021 at 3:23 am #399962
If you removed the actual ransomware, I doubt the files will be decrypted, as you won’t break the secret key. Of course, I am no expert and I can definitely be wrong.
June 19, 2021 at 3:23 am #399963
Edit: before you do anything at all, image that drive, make a copy so you’re working off a copy of the image.
I’ve often wondered if it’s possible to do an end run around encryption by using file recovery software like GetDataBack.
First time I had a crash on Win XP years ago I used it and it turned out there’s multiple copies of everything, I guess because de-fragmentation moves files around to try to make everything contiguous. If you have an SSD you might not be able to use it that way because files don’t need to be contiguous for speed, thus you don’t defrag those.
I don’t do Windows anymore but I’m tempted to test that. That would seem to be possible and laughable if it works, being so easy.
Also if that’s the case… and I did have multiple copies of everything, even files I had deleted intentionally which caused me to start using eraser to overwrite. HDDs should be able to hold 5 or 10 times as much data… at least with a simple software rewrite, maybe just the firmware. I thought of this years ago when I saw that and never mentioned it and it’s beyond my pay grade. So if anyone does this (assuming it hasn’t been done already) give me a mention and I hope you open source it.
Someone sends me a ransom demand with that amount, whether or not I recover the data, they’re getting a smart-ass note from me: **”Thanks for the vote of confidence guys, it’s never going to happen but I admire your enthusiasm”.**
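The "image the drive first, then work off the copy" advice above, as an added example that is not from any poster in this thread: copy a source device to an image file, hash both, refuse to proceed on a mismatch, and leave the verified image read-only. It assumes GNU coreutils (`dd`, `sha256sum`); the "drive" used here is a constructed 1 MiB file so the example runs offline, but the function takes a block device path the same way.

```shell
#!/bin/sh
# Image a source (block device or file) to IMG, verify the copy by SHA-256,
# and record the hash beside the image. Prints the hash and returns 0 only
# when the image verifies; any read, write or hash failure returns 1.
image_and_verify() {
  src="$1"; img="$2"
  src_hash=$(sha256sum "$src" | cut -d' ' -f1) || return 1
  # bs=512 matches the sector size, so conv=sync never pads a whole-sector
  # source; conv=noerror keeps reading past bad sectors instead of aborting.
  dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 1
  img_hash=$(sha256sum "$img" | cut -d' ' -f1) || return 1
  if [ "$src_hash" != "$img_hash" ]; then
    echo "image does not match source (got $img_hash, want $src_hash)" >&2
    return 1
  fi
  # Keep the verified image read-only; do recovery attempts on a second copy
  # (cp "$img" work.img) so the master image stays untouched.
  echo "$img_hash  $img" > "$img.sha256"
  chmod a-w "$img"
  echo "$img_hash"
}

# Constructed sample "drive" (1 MiB of random bytes) so this runs offline.
make_sample_drive() {
  dd if=/dev/urandom of="$1" bs=512 count=2048 2>/dev/null
}
```

Later, `sha256sum -c drive.img.sha256` re-checks the master image before and after each recovery tool is run against a working copy.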
June 19, 2021 at 3:23 am #399965
Always remember to back up your files on Google Drive so they are easy to recover. 🙂