Data recovery and disk repair questions and discussions related to old-fashioned SATA, SAS, SCSI, IDE, MFM hard drives - any type of storage device that has moving parts

Ransomware Cases are increasing !!

December 8th, 2021, 10:30

We are receiving an increased number of ransomware cases; the Emsisoft decryptor is unable to handle the new online encryption keys.

Many cases we return, and this is a new one. I attached some files. The file changed to .futm

Hope someone is working on this new challenge.
Attachments
Fatima Enterprises Invoices Ghani 20-21.pdf
(220.1 KiB) Downloaded 296 times
Appeal 45-B draft order.doc
(46.83 KiB) Downloaded 260 times

Re: Ransomware Cases are increasing !!

December 8th, 2021, 21:16

What are these files you attached?

.futm sounds like STOP/DJVU, correct? I have talked to the developer of the Emsisoft decryptor, and they're only doing silent updates. So you need to keep checking that tool every few weeks or so.

I don't think that there's a lot anyone can do really.

There are some repair options for some file types.

My Media_Repair tool for some video/audio formats MP4, MOV etc., https://youtu.be/3AKJ27sZ9_E , other video repair tools like Stellar work too provided you have a reference file.

There's now a JPEG tool at the JpegMedic website, free for personal use. Not too expensive for commercial use, https://youtu.be/YbDuN7-kE2s. My JPEG-Repair can do it too but the specialized tool is far more convenient and automatic.

I can now repair Canon RAW CR2 files automatically as well as some other RAW formats, https://youtu.be/bnU0KpT55bo , but they're also easy to do using any hex editor.

Key is that the malware (STOP/DJVU) encrypts exactly 0x25800 (153,600) bytes of the file, skipping the first 0x05 bytes.

Re: Ransomware Cases are increasing !!

December 9th, 2021, 10:37

Thanks for your suggestion. I will keep up to date with the affected users.

This user needs the doc and xls files repaired, which I have attached.

And then MySQL Database .MDF and .LDF



Arch Stanton wrote: What are these files you attached?

.futm sounds like STOP/DJVU, correct? I have talked to the developer of the Emsisoft decryptor, and they're only doing silent updates. So you need to keep checking that tool every few weeks or so.

I don't think that there's a lot anyone can do really.

There are some repair options for some file types.

My Media_Repair tool for some video/audio formats MP4, MOV etc., https://youtu.be/3AKJ27sZ9_E , other video repair tools like Stellar work too provided you have a reference file.

There's now a JPEG tool at the JpegMedic website, free for personal use. Not too expensive for commercial use, https://youtu.be/YbDuN7-kE2s. My JPEG-Repair can do it too but the specialized tool is far more convenient and automatic.

I can now repair Canon RAW CR2 files automatically as well as some other RAW formats, https://youtu.be/bnU0KpT55bo , but they're also easy to do using any hex editor.

Key is that the malware (STOP/DJVU) encrypts exactly 0x25800 (153,600) bytes of the file, skipping the first 0x05 bytes.

Re: Ransomware Cases are increasing !!

December 9th, 2021, 13:27

That DOC will never be repairable, too small. It's completely encrypted as, as stated, 150 KB of the file are encrypted. As a rule of thumb I do not even attempt to repair files < 1 MB.
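
An added triage example, not code from any poster in this thread: it applies the figures quoted above (0x25800 bytes encrypted after the first 0x05 bytes, and the "< 1 MB" rule of thumb) to sort files by whether anything usable survives beyond the encrypted region. The entropy cutoff, the reading of 1 MB as 1 MiB, the file names and the sample data are assumptions made for the illustration; random bytes stand in for ciphertext.

```python
import math, os, tempfile

HEADER_SKIP = 0x05          # leading bytes left untouched (figure from the thread)
ENCRYPTED_LEN = 0x25800     # 153,600 bytes encrypted (figure from the thread)
MIN_REPAIR_SIZE = 1 << 20   # "< 1 MB" rule of thumb, read here as 1 MiB (assumption)
ENTROPY_CUTOFF = 7.5        # bits/byte; assumed threshold for "looks encrypted"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is indistinguishable from random)."""
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage(path: str) -> dict:
    """Measure the region the thread says is encrypted and what lies beyond it."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        fh.seek(HEADER_SKIP)
        region = fh.read(ENCRYPTED_LEN)          # short read if the file is small
    intact_after = max(0, size - HEADER_SKIP - ENCRYPTED_LEN)
    h = entropy(region)
    matches = h >= ENTROPY_CUTOFF                # region looks like ciphertext
    return {
        "size": size, "encrypted_bytes": len(region),
        "intact_after": intact_after,
        "region_entropy": round(h, 3),
        "matches_pattern": matches,
        "repair_candidate": matches and size >= MIN_REPAIR_SIZE and intact_after > 0,
    }

def build_samples(folder: str) -> dict:
    """Constructed stand-ins for a small document, a large file and a clean file."""
    plain = b"record-0001;" * 300_000            # 3,600,000 bytes of low-entropy data
    samples = {
        "small.doc.futm": b"\xd0\xcf\x11\xe0\xa1" + os.urandom(47_000),
        "large.bin.futm": plain[:HEADER_SKIP] + os.urandom(ENCRYPTED_LEN)
                          + plain[HEADER_SKIP + ENCRYPTED_LEN:],
        "untouched.bin": plain,
    }
    for name, blob in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(blob)
    return {name: triage(os.path.join(folder, name)) for name in samples}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, report in build_samples(tmp).items():
            print(name, report)
```

A "repair candidate" here only means the file is large enough that data remains past the encrypted region; whether that remainder can be rebuilt into a working file depends on the format.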

Re: Ransomware Cases are increasing !!

December 21st, 2021, 8:41

We talked with the hacker; they asked for 0.01 bitcoin, around 490 USD, but we don't want to send it to them because it will increase their ransoms. I have attached a new 3 MB file; try this if you can.
Attachments
KAPPA NEW DATA.rar
(11.77 MiB) Downloaded 256 times

Re: Ransomware Cases are increasing !!

December 21st, 2021, 8:50

Vague.

I have attached new 3 MB file try this if you can.


Yet I see an 11 MB file.

Is this a corrupt RAR file or is this a RAR file that is supposed to contain an encrypted file?

I am not saying or claiming I can repair any kind of file. My comment with regards to the DOC file was that they're too small to be repaired since STOP/DJVU encrypts 150 KB.

Re: Ransomware Cases are increasing !!

December 22nd, 2021, 8:09

This RAR is encrypted because of the ransomware attack.

Re: Ransomware Cases are increasing !!

December 22nd, 2021, 8:18

I can not help with RAR.