Good day, I have been hacked anonymously, and all my files have been renamed or encrypted by the STOP/DJVU ransomware. Is there someone out there who can decrypt or solve this? I need instructions. Thank you so much.

Note: I already tried several apps, but they did not resolve it.

  • You MUST recover from your backup.
    – anon
    Commented Nov 16, 2021 at 0:58
  • Add to your post OS name and version too.
    – Jorge Luiz
    Commented Nov 16, 2021 at 1:13

1 Answer

The most common cause for STOP/DJVU is software that was downloaded from dubious sources. There are many variants that all come with their own (mostly 4-character) extension.

STOP/DJVU decryption

Emsisoft has a decryptor that can decrypt some. If you find your variant isn't currently supported, all you can do is wait and try again every few weeks, as Emsisoft does not announce newly supported variants.

Anyone else claiming he/she can decrypt is either a scammer or someone with ties to the distributor of the ransomware.

By coincidence I made some discoveries about two years ago. I repair photos and was asked to look at some that I later found out were victims of ransomware (the client had already removed the ransomware extension). Long story short, I could (partially) repair the files, and so when I learned the files were victims of ransomware, I realized the ransomware did not encrypt the entire file. To be more precise, the first 153605 bytes of the file are lost.

STOP/DJVU file repair

It depends very much upon the file type, but by cutting the first 153605 bytes from a victim file + by gluing a valid header we take from a reference file + by updating key values inside the header, some file types can be repaired.

Examples:

  • JPEG: Note that for this repair I use a generic JPEG repair utility I am author of!

The tool will ask for a 'corrupt' and a 'reference' file. By reference file is meant an intact photo shot with the same camera, with settings matching as closely as possible. This will be a 2 page story, so instead I'll link to a video: https://youtu.be/ouSTB6Rg10g

Since a year or so someone picked up on the idea and created a far more ideal solution: https://youtu.be/XWq5xYNp0m0. Again, this is not free.

  • MP4, MP3 and some more

As I had some idea about the general layout of MP4 and now knew that only part of the file was encrypted, I decided to try to repair these too. This resulted in a rather clumsy yet free utility, Media_Repair. Again, this will ask for a 'reference' file.

A short video on using it: https://youtu.be/3AKJ27sZ9_E

And also .. File recovery

The ransomware m.o. is

Open file > encrypt data > create new file > write data > save file > delete original.

That means in essence we're dealing with a 'normal' file deletion event and as such files may be recoverable. Of course such a deleted file risks being overwritten and thus becoming unrecoverable, and since the ransomware constantly deletes and creates new files, many probably will be. Still, in some cases I have been able to recover up to 30% of someone's JPEGs using a file carver. In other cases I came up empty-handed.

A good, free and well-known file carver is PhotoRec.

Summary

If the Emsisoft decryptor does not support your specific STOP/DJVU variant and you're not willing to pay the ransom, options are limited and far from ideal. You will lose data; even a partially repaired photo or video is effectively lost data. But I still hope this helps someone.

Final word of warning

It is not uncommon for criminals and scammers to take payment without holding their end of the bargain. So you pay, you get nothing. Sometimes they even go as far as taking payment, and then once they know you're willing and able to pay, raise the ransom. BE CAREFUL!
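
The answer's observation that only the first 153605 bytes are lost suggests a triage step for MP4 files before attempting any header transplant: check whether a well-formed `moov` index box still sits beyond the damaged region. The sketch below is an added example, not the answer author's Media_Repair code; the function names are hypothetical, the sample file is constructed, and it assumes the standard ISO base media box layout (32-bit size, 4-byte type, optional 64-bit size).

```python
import struct

ENCRYPTED_PREFIX = 153605  # bytes lost at the start of each file, per the answer

def read_box(data, pos, limit):
    """Parse one MP4 box header; return (type, payload_start, end) or None."""
    if pos + 8 > limit:
        return None
    size, kind = struct.unpack_from(">I4s", data, pos)
    header = 8
    if size == 1:                      # 64-bit "largesize" follows the type
        if pos + 16 > limit:
            return None
        size, header = struct.unpack_from(">Q", data, pos + 8)[0], 16
    elif size == 0:                    # box extends to the end of its container
        size = limit - pos
    if size < header or pos + size > limit:
        return None
    return kind, pos + header, pos + size

def find_intact_moov(data, start=ENCRYPTED_PREFIX):
    """Return (offset, child types) of a well-formed moov box at or after start."""
    idx = data.find(b"moov", start + 4)
    while idx != -1:
        hit = read_box(data, idx - 4, len(data))
        pos, end = (hit[1], hit[2]) if hit else (0, 0)
        children = []
        while pos < end:
            child = read_box(data, pos, end)
            if child is None:          # children do not tile the box: false hit
                children = []
                break
            children.append(child[0])
            pos = child[2]
        if b"mvhd" in children:        # a valid moov always carries a movie header
            return idx - 4, children
        idx = data.find(b"moov", idx + 1)
    return None

def make_box(kind, payload):
    """Build a box for the constructed sample below."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def constructed_victim():
    """Constructed sample: ftyp + mdat + moov with the first 153605 bytes destroyed."""
    moov = make_box(b"moov", make_box(b"mvhd", bytes(100)) + make_box(b"trak", bytes(64)))
    clean = make_box(b"ftyp", b"isom" + bytes(12)) + make_box(b"mdat", bytes(200_000)) + moov
    return b"\xa5" * ENCRYPTED_PREFIX + clean[ENCRYPTED_PREFIX:]

if __name__ == "__main__":
    print(find_intact_moov(constructed_victim()))
```

A `None` result means no usable index was found after the damaged prefix, which is what a file with `moov` stored at the front would produce.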
