My laptop is infected by jdyi ransomware


Pritam


While installing Nitro PDF, malware was installed on my laptop (Win 10, build 1903). All image, doc, xlx, and pdf files are encrypted and renamed with an extra extension, e.g. book.pdf was renamed to book.pdf.jdyi.

I renamed the file back to book.pdf but the file does not open. This happens for all of the images and documents on my laptop.

It created a .txt file as follows:

ATTENTION!

 

Don't worry, you can return all your files!

All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

The only method of recovering files is to purchase decrypt tool and unique key for you.

This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.

But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

https://we.tl/t-5fdKAsZLIP

Price of private key and decrypt software is $980.

Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

 

 

To get this software you need write on our e-mail:

helpmanager@mail.ch

 

Reserve e-mail address to contact us:

restoremanager@airmail.cc

 

Your personal ID:

0261ergaNlZjd12LzbL85OU35QlgIDnDVYjAxAvgpI1LkWNh




How can I recover back my files?

Edited by AlexSmith
Revised title

Hello.  My name is Maurice.

I regret your trouble.

Be aware that ransomware that encrypts user files continuously evolves and has rapid change cycles. Newer versions come out all the time.
It is difficult to tell which ransomware type or family is involved here.
But it is possible to upload 1 or 2 of your encrypted files & ransom-note files for potential identification.

I would suggest you visit a special resource site called ID Ransomware & upload a couple of files and then save the resulting reports, and then post those logs here in a reply.

Read over the write-up here: https://www.bleepingcomputer.com/forums/t/608858/id-ransomware-identify-what-ransomware-encrypted-your-files/

Do the upload at this site link: https://id-ransomware.malwarehunterteam.com/

Do be aware, in most cases the ransomware has deleted itself by this point, where you are seeing changed filename extensions.

We can help you to remove the notes for ransom. We cannot repair or recover any corrupted user files.

If you have an old backup of this machine, then you may recover from the backup.

 

Note this type of infection disables and erases old system restore on the disc.

Backup is your best friend. Recovering the damaged files from a backup is the best way to get back good copies.

Do you have a recent backup of this system?

By any chance, had you downloaded some file or app or free-something from the internet prior to getting hit with this?

Did you have the Premium Malwarebytes for Windows installed prior to this incident?

Malwarebytes has no decryptor tool.


PS. Was the Nitro PDF paid for and obtained directly from the software-maker? Or was it a hack or a pirated version gotten from a dodgy site?

Encrypting ransomware infectors often piggyback with so-called "free-stuff" obtained from questionable sources.

It is awful that your machine is a victim.


Hello.

Based on the contents of the ransom note (that you posted before), this ransomware is one of the STOP Djvu.

As stated before, Malwarebytes has no decryptor. Depending on whether the ransomware used an offline key, it 'might' be possible to try using the Emsisoft Decryptor for STOP Djvu. Before you attempt that, do 2 things. Read the article on STOP ransomware at BleepingComputer

https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

and 2, make backup copies of the encrypted files / documents just to be safe (before trying the decryptor).

Emsisoft has a detailed usage guide on their tool: https://decrypter.emsisoft.com/howtos/emsisoft_howto_stopdjvu.pdf

Main page on the Emsisoft STOP Djvu decryptor: https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Take care on all this. Be careful. No rush. Also know, this information is relayed as-is. I can't help you on any of this.

BleepingComputer is the best known resource for information on ransomware.

H T H

 

You should do a scan with your antivirus to check your system. Likewise, also run a scan with Malwarebytes for Windows as well.

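The reply above advises making backup copies of the encrypted files before trying a decryptor. The following is an added example, not part of the original thread: a Python script that copies every `.jdyi` file to a separate location, keeps the folder layout, and verifies each copy by SHA-256. The function names, the `manifest.json` file name and the two command-line arguments are assumptions of this example.

```python
import hashlib
import json
import shutil
from pathlib import Path

ENCRYPTED_EXT = ".jdyi"  # extension reported in this thread


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_encrypted(source: Path, dest: Path, ext: str = ENCRYPTED_EXT) -> list:
    """Copy every file ending in `ext` under `source` into `dest`,
    keeping the relative path, and verify each copy by SHA-256."""
    source, dest = source.resolve(), dest.resolve()
    # A backup inside the scanned tree would be touched by the decryptor too.
    if dest == source or source in dest.parents:
        raise ValueError("backup destination must be outside the source tree")
    manifest = []
    for src in sorted(source.rglob("*")):
        if not src.is_file() or src.suffix.lower() != ext:
            continue
        rel = src.relative_to(source)
        dst = dest / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 also preserves timestamps
        before, after = sha256_of(src), sha256_of(dst)
        if before != after:
            raise IOError(f"copy of {rel} does not match the original")
        manifest.append(
            {"path": rel.as_posix(), "size": src.stat().st_size, "sha256": before}
        )
    dest.mkdir(parents=True, exist_ok=True)
    # The manifest lets you confirm later that the backup is still intact.
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    import sys
    entries = backup_encrypted(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"backed up {len(entries)} encrypted files")
```

Point the destination at an external drive rather than the infected disk, and disconnect it once the copy has finished.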

  • AlexSmith changed the title to My laptop is infected by jdyi ransomware

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
