Old STOP / DJVU Ransomware Arabic / English




For Old STOP/DJVU Ransomware Variants encryption


I have made this tutorial for (Arabic- and English-speaking) victims who are infected with some old STOP/DJVU Ransomware variants. There are more in the Mango School Channel.


Many users report that the cryptoware is installed after downloading repackaged and infected installers of popular programs, or pirated activators for MS Windows and MS Office, distributed by fraudsters through popular websites. This applies both to legitimate free applications and to illegal pirated software.

The cryptoware may also be spread by attackers who break in through poorly protected RDP configurations, via email spam and malicious attachments, misleading downloads, exploits, web injectors, faulty updates, and repackaged and infected installers.


MS Office or OpenOffice documents, PDF and text files, databases, photos, music, video or image files, archives, application files, etc.

The SystemID/PersonalID.txt file created by STOP (DJVU) on your C drive contains all of the IDs used in the encryption process. Almost every offline ID ends with “t1”. Encryption by an OFFLINE KEY can be verified by viewing the Personal ID in the _readme.txt note and the C:\SystemID\PersonalID.txt file.

How to know whether the ransomware used an ONLINE or OFFLINE key?


Find the PersonalID.txt file located in the folder C:\SystemID\ on the infected machine, and check whether it contains only one ID or multiple IDs.

If an ID ends with “t1”, there is a chance that some of your files were encrypted by the OFFLINE KEY and are recoverable.

If none of the IDs listed ends with “t1”, then all of your files were most likely encrypted with an ONLINE KEY and are not recoverable at this time.
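The check described above can be scripted. The following is an added example, not part of the original tutorial or of any decryptor tool: it takes the text of PersonalID.txt and, optionally, of _readme.txt, and applies the “t1” rule to every ID it finds. The function names, the constructed sample IDs and the assumption that the note labels the ID with “personal ID:” are illustrative.

```python
import re
from pathlib import Path

# Assumption: the note introduces the ID with a "personal ID:" label.
NOTE_ID_RE = re.compile(r"personal\s+id\s*:\s*(\S+)", re.IGNORECASE)

# Constructed sample inputs (not real victim IDs): BOM, CRLF, blank line, padding.
SAMPLE_ID_FILE = "\ufeffCONSTRUCTEDid0001AAAAt1\r\n\r\n  CONSTRUCTEDid0002BBBBxQ \r\n"
SAMPLE_NOTE = "(note text omitted)\nYour personal ID:\nCONSTRUCTEDid0001AAAAt1\n"

def read_ids(text):
    """Return the unique, non-empty IDs listed one per line."""
    ids = []
    for line in text.lstrip("\ufeff").splitlines():
        token = line.strip()
        if token and token not in ids:
            ids.append(token)
    return ids

def is_offline(personal_id):
    """The tutorial's rule: almost every offline ID ends with 't1'."""
    return personal_id.endswith("t1")

def triage(id_text, note_text=""):
    """Classify every ID found in PersonalID.txt and in the note."""
    ids = read_ids(id_text)
    match = NOTE_ID_RE.search(note_text)
    note_id = match.group(1) if match else None
    if note_id and note_id not in ids:
        ids.append(note_id)  # the note may hold an ID missing from the file
    offline = [i for i in ids if is_offline(i)]
    online = [i for i in ids if not is_offline(i)]
    if not ids:
        verdict = "no IDs found"
    elif offline:
        verdict = "OFFLINE KEY used for some files: they may be recoverable"
    else:
        verdict = "ONLINE KEY most likely: not recoverable at this time"
    return {"offline": offline, "online": online, "note_id": note_id, "verdict": verdict}

def load(path):
    """Read a text file leniently; return '' when it does not exist."""
    p = Path(path)
    return p.read_text(encoding="utf-8", errors="replace") if p.is_file() else ""

if __name__ == "__main__":
    print(triage(SAMPLE_ID_FILE, SAMPLE_NOTE))
    # On an infected machine: triage(load(r"C:\SystemID\PersonalID.txt"), load("_readme.txt"))
```

Run it against copies of the two files rather than on the infected system itself where possible.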

An OFFLINE KEY indicates that the files were encrypted in offline mode (no internet connection).

After this key is discovered, it will be added to the decryptor and those files can be decrypted.

An ONLINE KEY was generated by the ransomware server. It means that the ransomware server generated a random set of keys that were used to encrypt files. Decrypting such files is not possible.

Encryption with the RSA algorithm used in the latest DJVU variants does not allow using a pair of “encrypted + original” files to train the decryption service.

This secure type of encryption is resistant to cracking, and it is impossible to decrypt files without a private key. Even a supercomputer would need 100,000 years to calculate such a key. (A video is available in our channel.)