[SOLVED] .WBXD Virus!!!

[D S Q U A R E]

Hey Fellas, First of all thanks for seeing my thread! Now IDK from where this thing came from but every single file on my PC.From my docs to my music, Every single file is just encrypted with this .Wbxd extension, Also in every folder there is this ransom note saying :

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
<<Removed by moderator>>
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
<<Removed by moderator>>

Reserve e-mail address to contact us:
<<Removed by moderator>>

Your personal ID:
<<Removed by moderator>>


GUYS!!! This was a Ransomware.... And all my Files are encrypted with that......Now I tried serching for any decryptor tool and i found one but that tool also gave up on me saying your Decryption ID appears to be an Online ID so decryption is Impossible for now........ Also when i searched on youtube.... All the videos are like 6-5 days old...... maybe a new virus or something....... guys i really need to have my data ASAP....... PLEASE HELP ME DECRYPTING MY DATAA.......... I DIDN'T GOT ANY RESORT......


PLEASE HELP!!!!!


THANKS IN ADVANCED!!!!!

 

[Nemesia]

Hi Dsquare.

Here is some text that unfortunately doesn't look good. Seems like you have the new version which is an online key and not offline key.

"There are currently two versions of Djvu ransomware infections: old and new. The old versions were designed to encrypt data by using a hard-coded "offline key" whenever the infected machine had no internet connection or the server was timing out/not responding. Therefore, some victims were able to decrypt data using a tool developed by cyber security researcher, Michael Gillespie, however, since the encryption mechanism has been slightly changed (hence the new version, released in August, 2019), the decrypter no longer works and it is not supported anymore. If your data has been encrypted by an older version, you might be able to restore it with the another tool developed by Emsisoft and Michael Gillespie".

Take a look at this - https://www.emsisoft.com/ransomware-decryption-tools/

I can vouch for emsisoft I use their anti-malware antivirus and it's pretty good. I didn't know they had that decryption page. You send them the text file "readme", an encrypted file less than 8MB and the email address or hyperlink the ransomware gave you as contact information.

If that doesn't work and nothing works than I'm sorry but there is nothing you can do. You will have to wipe the drive and reinstall Windows and lose all your files or you pay them and you have no guarantee they will even send you the decryption tool with the decryption key needed.

If you don't want this to happen in the future I recommend you backup your files on an external drive not connected to the network. After that it's just a matter of wiping the drive an reinstalling Windows but this time you can get your files back from the external drive.

 

[D S Q U A R E]

Hi Dsquare.

Here is some text that unfortunately doesn't look good. Seems like you have the new version which is an online key and not offline key.

"There are currently two versions of Djvu ransomware infections: old and new. The old versions were designed to encrypt data by using a hard-coded "offline key" whenever the infected machine had no internet connection or the server was timing out/not responding. Therefore, some victims were able to decrypt data using a tool developed by cyber security researcher, Michael Gillespie, however, since the encryption mechanism has been slightly changed (hence the new version, released in August, 2019), the decrypter no longer works and it is not supported anymore. If your data has been encrypted by an older version, you might be able to restore it with the another tool developed by Emsisoft and Michael Gillespie".

Take a look at this - https://www.emsisoft.com/ransomware-decryption-tools/

I can vouch for emsisoft I use their anti-malware antivirus and it's pretty good. I didn't know they had that decryption page. You send them the text file "readme", an encrypted file less than 8MB and the email address or hyperlink the ransomware gave you as contact information.

If that doesn't work and nothing works than I'm sorry but there is nothing you can do. You will have to wipe the drive and reinstall Windows and lose all your files or you pay them and you have no guarantee they will even send you the decryption tool with the decryption key needed.

Is there No way even in future that i can get my data back???

 

[Nemesia]

Is there No way even in future that i can get my data back???

I'm doing the same research as you on google. Looked at some threads and website talking about that family of ransomware and I have no idea if that new version with that online key does have a fix. I recommend you google "WBXD" and read the entire first results page. You will see everything you can try about that ransomware.

Did you use this? - https://www.emsisoft.com/ransomware-decryption-tools/

 

[Nemesia]

This ransomware is a ransomware using an online rotating decrypting key that you can't find unless they send it to you.

The offline version of this ransomware had fixes for like 140+ variant of the offline ransomware but the online version...no idea. It's a recent one.

Sorry I can't really help you with this. Maybe someone with more information will jump in.

To me this is a situation where you wipe and lose your files or pay up and hope they send you the tool and key.

Not much you can do against an online decrypting key.

 

[COLGeek]

Paying for the decryption key will not necessarily solve the issue. Often, these guys will take your money and run, or will try to get more money from you.

Consider this a total loss and reload your system from scratch (full, clean re-install of OS and apps). Hopefully, you have backup copies of your personal files/docs. If not, establishing a future backup solution is a must.

 

[USAFRet]

This data is encrypted. There is no current decryption routine, except what the hackers might give you in exchange for money.
It is gone.

Solution:
Remove this drive.
Put it in a box, with appropriate labeling
Buy a new drive
Install your OS and whatever software you use.
Move on, and don't do whatever it was you did to get this ransomware.

Maybe in 5-10 years, a method will be found to decrypt that original data. But probably not.

 

[Grobe]

The importance of backup cannot be told enough.

This is what I'd done if had no backup (paying the criminals are never an option)

• Get a external hdd and clone the system drive / all hdd's (offline - you'd never start that windows installer again as it might just re-infect any usb devices you plug into it) - hopefully it will be possible to recover sometime in the future.
• Wipe all disks in the computer.
• Install windows from scratch.

This is what I'd done if I have backup

• [optional] clone system drive if you want to be able to restore files in future that is not part of your backup.
• Wipe all disks in the computer.
• Install windows from scratch.
• Restore the files from the backup.

Also important about an external backup drive : Don't have it connected all the time - that just make it possible to future virus infections to encrypt the backup data as well.

 

[USAFRet]

This is what I'd done if I have backup

With my backup routine, I'd just recover all affected drives from last nights backup. OS drive included.
100% recovery.