🦍 Animal Humanity Is Better Than Human Humanity – A Lesson from the Brookfield Zoo Gorilla

![]() |
My files encrypted with xcvf Ransomware |
A strange extension "XCVF" has been added to my files, and I can't open them.
In fact, your files are totally encrypted by a Ransomware affect, which generate a new extension belongs to some types of malwares.
This type of attack can lock /encrypt/ damage your files (videos, images, documentations) and whatever you think. Then your file name will end by a new extension, so you can’t obtain access to them at all.
By adding its own extension to all the encrypted data. For example, the file “timesheet.xls and video.mp4” will be titled as “timesheet.xls.xcvf and video.mp4.xcvf”.
When the encryption is accomplished, it will put text document (_readme.txt) inside each folder that contains the encrypted files.
The used technique for file's encryption will release a unique decryption key, it is different for each computer system.
The needed decryption key is hosted on a special server under the total control by the attackers, who have actually launched the ransomware into the internet joined by the victim id, the users are told to contact the attackers through an e-mail or by telegram to pay the ransom in the quantity of $980 and this quantity will have 50% discount rate, that mean the ransom amount falls to $490 if the victim pay for them within 72 hours.
It's highly recommended that you do not pay the ransom, there is no warranty that these online cyber criminals will keep their promises, the victims may lose their money for nothing.
Also, it’s not recommended to contact the scammers as they instruct. Do not send them your money.
The Web is now loaded with infections comparable to the virus. It's recommended for you to frequently make backups of all your essential documents to an external storage. like, the USB Flash Drive, external hard disk drive, or using the cloud data storage services. Keeping the backups on your system drive is very risky.
All your questions and answers are here:
This type can hit your system by a method from these:
I talked before in mango school blog that you can remove xcvf ransomware virus from your system
To Remove Stop Djvu (xcvf) virus from windows10
To Remove Stop Djvu (xcvf) virus from windows 7
After you successfully remove it, install antivirus to protect your files.
If you are not yet able to remove the virus, scan your pc with any malware protection and remove the virus or install a new Windows to avoid any new data encryption.
If you have an activated shadow copy, you will be able to recover files from it.
You have to Change all your passwords used on the infected device because the ransomware or virus will pull the passwords stored in your browser and send them to the gangs.
STOP (DJVU) Ransomware has two versions.
You can run the Emsisoft decrypt tool on some of your encrypted files. It will tell you the status of those files.
Error: No key for New
Variant offline ID: *******
Notice: this ID appears
be an offline ID, decryption MAY be possible in the future.
If your encrypted files have an OFFLINE ID and its key is loaded in Emsisoft servers, then you can use Emsisoft decrypt tool to decrypt your files that have been encrypted.
When it gained from some victims it will be upload to servers.
ONLINE IDs for new STOP Ransomware are not supported by the Emsisoft Decrypt tool. If infected with an ONLINE ID, the Emsisoft Decrypt tool will indicate there is "no key" for this variant under the Results Tab and note it is impossible to decrypt.
Error: No key for New Variant online ID ***************************
Notice: this ID appears to be an online ID. decryption is impossible.
Emsisoft cannot help decrypt files encrypted with the ONLINE KEY due to the type of encryption used by the criminals.
Decryption of new DJVU Ransomware is impossible if infected by an ONLINE KEY without paying the criminals for that victim’s specific private key...these keys are unique for each victim and randomly generated in a secure manner. Without the master private RSA key that can be used to decrypt your files, decryption is impossible...the key cannot be brute-force and there is no way to gain access to the criminal's command server and retrieve this KEY.
That means for now, the only other alternative to paying the ransom, is to backup/save your encrypted data as is and wait for a possible future solution if encrypted by an ONLINE KEY.
In case your files
encrypted with ONLINE ID:
The important thing is, when you come to retrieve anything restore it to an external hard drive, not to the same hard drive.
You can use any of these tools according to your encryption status:
Photorec DataRecovery, Get data back.
for not free programs, you can try:
Disk Drill, Stellar datarecovery, Easeus data recovery.
If you don't have
important data use this plan by formatting your hard drive and re-installing a
clean copy of windows.
Follow Mango School Blog to find more tools.