Jump to content

UFWJ extension in all files

levskyy
 Share

Recommended Posts

levskyy

levskyy

Posted
Posted

Hello, my friend downloaded virus and it changed all files extension to ufwj. I downloaded malwarebytes and removed all viruses but files is still the same. I know its ransomware and tried decrypting it but with no luck. Can you help me with file decryption of these files, is this even possible? Here is Personal ID: S8V466xXgqfeKHDu5mJO0w6gZ6i8w4oouiFHwPcZ
Can't upload file on forum so here is example file (in zip) https://we.tl/t-sjBVbq0mZl

 

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

@levskyy

Some added remarks & information.

I am sorry to read of anyone getting victimized by any encrypting ransomware.  Malwarebytes has NO decryptor.  New variants of the STOP/djvu ransomware family ( plus, other ransomware)  keep being generated all the time.  There are no known cures to fix files, documents, other files encrypted.   ( except for some selected OLD generations )

The best way to recover is from Backups made from before the incident.  Backup is your best friend.

As far as "removing" the ransomware ....most all ransomwares delete themselves once they have done their deed.

Q:  Did your friend very recently download some sort of "freebie" thing and then open that file ?  if so, what was it ?  where from ?

Q:  Does your friend have a offline backup of your system ?

I would suggest to study resources at BleepingComputer about ransomwares.  That forum is a community storehouse of current information.

STOP Ransomware (.STOP, .Puma, .Djvu, .Promo, .Drume) Help & Support Topic - Ransomware Help & Tech Support (bleepingcomputer.com)

Link to post
Share on other sites
levskyy

levskyy

Posted
  • Author
Posted
2 hours ago, Maurice Naggar said:

@levskyy

Some added remarks & information.

I am sorry to read of anyone getting victimized by any encrypting ransomware.  Malwarebytes has NO decryptor.  New variants of the STOP/djvu ransomware family ( plus, other ransomware)  keep being generated all the time.  There are no known cures to fix files, documents, other files encrypted.   ( except for some selected OLD generations )

The best way to recover is from Backups made from before the incident.  Backup is your best friend.

As far as "removing" the ransomware ....most all ransomwares delete themselves once they have done their deed.

Q:  Did your friend very recently download some sort of "freebie" thing and then open that file ?  if so, what was it ?  where from ?

Q:  Does your friend have a offline backup of your system ?

I would suggest to study resources at BleepingComputer about ransomwares.  That forum is a community storehouse of current information.

STOP Ransomware (.STOP, .Puma, .Djvu, .Promo, .Drume) Help & Support Topic - Ransomware Help & Tech Support (bleepingcomputer.com)

Yes, i connected with im on teamviewer and he showed me some websties where he downloaded files. One of these was definitly suspicious.

He have some files on external drive so we done a format and thats end of story. 

Maybe this will teach him that 95% of "free premium" is virus.

Thanks for help guys :) 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.