Need help with "Paas Virus" on Windows 10

CalmCreeper360 · Unread post by **CalmCreeper360** » 03 Jun 2021, 09:59

As the title sais a friend of mine has caught the Paas virus on his Windows 10 machine.
He has reinstalled Windows and thus effectively removing the Virus, however his files remained encrypted.
He tried the "STOP Djvu" file decrypter but it didnt work.
It just gave an error saying that the version of the virus he has uses an online key and thus his files are impossible to be decrypted by the software.

Is there still a way tho to decrypt his files?
Any kind of help is much appreciated.

Thank you and have a nice day

docR · Unread post by **docR** » 03 Jun 2021, 14:24

Ouch. I'm terribly sorry to hear your friend had this experience. Few things in this world are scarier than ransomware.

Unfortunately, in your friend's case, this is to be expected. While the virus responsible for encrypting his files may be gone after a clean install, that won't change the state of the encrypted files.

Suppose you rename each of your files with some random file extension. Let's say _old. You say to yourself, okay. I think I'd rather change it back. You reinstall Windows and.... Well, nothing will change the state of those files. Why would your boot OS have anything to do with them? The ransomware has done its dirty deed. There's a reason these ransomware ops are so profitable. They're quite literally holding your data at ransom.

Now. You mentioned that he attempted decrypting his files using STOP Djvu. The ransomware in question is in fact Djvu? If so, the publisher's of this decrypter do state there are sone limitations on what can be decrypted https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Here's hoping most of your friend's data wasn't too important and simoly be re-downloaded (without re-downloading the ransomware payload)

Be safe

CalmCreeper360 · Unread post by **CalmCreeper360** » 03 Jun 2021, 17:09

docR wrote: ↑03 Jun 2021, 14:24 Ouch. I'm terribly sorry to hear your friend had this experience. Few things in this world are scarier than ransomware.

Unfortunately, in your friend's case, this is to be expected. While the virus responsible for encrypting his files may be gone after a clean install, that won't change the state of the encrypted files.

Suppose you rename each of your files with some random file extension. Let's say _old. You say to yourself, okay. I think I'd rather change it back. You reinstall Windows and.... Well, nothing will change the state of those files. Why would your boot OS have anything to do with them? The ransomware has done its dirty deed. There's a reason these ransomware ops are so profitable. They're quite literally holding your data at ransom.

Now. You mentioned that he attempted decrypting his files using STOP Djvu. The ransomware in question is in fact Djvu? If so, the publisher's of this decrypter do state there are sone limitations on what can be decrypted https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Here's hoping most of your friend's data wasn't too important and simoly be re-downloaded (without re-downloading the ransomware payload)

Be safe

Ouch!
Thats terrible!
Well, i will need to tell him now that all of his files are lost.
Maybe he will be more careful next time.
Also the reason why i recommended him STOP Djvu is because apparently Paas descends from the Djvu family so i though it might be worth a try.

Eclipse Community