Need help with "Paas Virus" on Windows 10

Posted: 03 Jun 2021, 09:59
by CalmCreeper360
As the title says, a friend of mine has caught the Paas virus on his Windows 10 machine.
He has reinstalled Windows, thus effectively removing the virus; however, his files remained encrypted.
He tried the "STOP Djvu" file decrypter but it didn't work.
It just gave an error saying that the version of the virus he has uses an online key and thus his files are impossible to be decrypted by the software.

Is there still a way, though, to decrypt his files?
Any kind of help is much appreciated.

Thank you and have a nice day

Posted: 03 Jun 2021, 14:24
by docR
Ouch. I'm terribly sorry to hear your friend had this experience. Few things in this world are scarier than ransomware.

Unfortunately, in your friend's case, this is to be expected. While the virus responsible for encrypting his files may be gone after a clean install, that won't change the state of the encrypted files.

Suppose you rename each of your files with some random file extension. Let's say _old. You say to yourself, okay. I think I'd rather change it back. You reinstall Windows and.... Well, nothing will change the state of those files. Why would your boot OS have anything to do with them? The ransomware has done its dirty deed. There's a reason these ransomware ops are so profitable. They're quite literally holding your data at ransom.

Now. You mentioned that he attempted decrypting his files using STOP Djvu. The ransomware in question is in fact Djvu? If so, the publishers of this decrypter do state there are some limitations on what can be decrypted: https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Here's hoping most of your friend's data wasn't too important and can simply be re-downloaded (without re-downloading the ransomware payload).

Be safe

Posted: 03 Jun 2021, 17:09
by CalmCreeper360
docR wrote: 03 Jun 2021, 14:24
Ouch. I'm terribly sorry to hear your friend had this experience. Few things in this world are scarier than ransomware.

Unfortunately, in your friend's case, this is to be expected. While the virus responsible for encrypting his files may be gone after a clean install, that won't change the state of the encrypted files.

Suppose you rename each of your files with some random file extension. Let's say _old. You say to yourself, okay. I think I'd rather change it back. You reinstall Windows and.... Well, nothing will change the state of those files. Why would your boot OS have anything to do with them? The ransomware has done its dirty deed. There's a reason these ransomware ops are so profitable. They're quite literally holding your data at ransom.

Now. You mentioned that he attempted decrypting his files using STOP Djvu. The ransomware in question is in fact Djvu? If so, the publishers of this decrypter do state there are some limitations on what can be decrypted: https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Here's hoping most of your friend's data wasn't too important and can simply be re-downloaded (without re-downloading the ransomware payload).

Be safe

Ouch!
That's terrible!
Well, I will need to tell him now that all of his files are lost.
Maybe he will be more careful next time.
Also, the reason why I recommended him STOP Djvu is because apparently Paas descends from the Djvu family, so I thought it might be worth a try.