I am working on a small repair tool that allows you to repair MP3 and WAV files that are affected by STOP/DJVU ransomware. To test it I need files encrypted by this ransomware. To repair WAV files the tool requires a reference file: a file recorded with the same device or the same software as the victim files.
To download, use the URL in the description of the video at the bottom of this post.
Update 06/21/2020: I expect to release a version with MP4, 3GP, MOV, M4V support later this week. RELEASED!
HINT: To repair various digital photo formats affected by STOP/DJVU variants, you can use my generic photo-repair tool JPEG-Repair. Example for CR2 (Canon RAW):
Current known issues updated 06/17/2020:
Issue 1: Repair of small WAV files will fail. I’ll look into that but it’s likely these can NOT be repaired.
Issue 2: Since release I have become aware of some other MP3 structural variants. I will look into those too. Fixed in build 103.
Issue 3: Data missing at start of file. This cannot be avoided, as Media Repair does two things: it repairs the file header and gets rid of the encrypted data (about 150 KB), so this data is lost.
Issue 4: Not all files selected are repaired. This is due to Media Repair trying to determine whether the patient file is in fact, for example, an MP3. If not, it will skip the file. To force it to repair all selected files, check the option ‘Disable sanity checks’.
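A sketch of the kind of repair Issues 3 and 4 describe, added here as an example and not Media Repair's own code: it skips the roughly 150 KB encrypted region, resynchronizes on the first run of consecutive valid MPEG-1 Layer III frame headers, and returns None for a file that does not look like MP3. The 150 KB constant, the four-frame chain and all function names are assumptions, and the sample input is constructed.

```python
ENCRYPTED_PREFIX = 150 * 1024  # assumption: the page's "about 150 KB"
BITRATES = (0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320)  # kbps
SAMPLE_RATES = (44100, 48000, 32000)  # Hz, MPEG-1

def frame_length(header: bytes) -> int:
    """Size in bytes of the frame a valid MPEG-1 Layer III header starts, else 0."""
    if len(header) < 4:
        return 0
    h = int.from_bytes(header[:4], "big")
    if h >> 21 != 0x7FF:                          # 11-bit frame sync
        return 0
    if (h >> 19) & 3 != 3 or (h >> 17) & 3 != 1:  # MPEG-1, Layer III only
        return 0
    br_idx, sr_idx = (h >> 12) & 0xF, (h >> 10) & 3
    if br_idx in (0, 15) or sr_idx == 3:          # free-format / reserved values
        return 0
    return 144000 * BITRATES[br_idx] // SAMPLE_RATES[sr_idx] + ((h >> 9) & 1)

def find_resync(data: bytes, start: int = ENCRYPTED_PREFIX, chain: int = 4):
    """Offset of the first header at or after `start` that begins `chain`
    back-to-back valid frames, or None if the data does not look like MP3."""
    pos = data.find(b"\xff", start)
    while pos != -1:
        off = pos
        for _ in range(chain):
            size = frame_length(data[off:off + 4])
            if size == 0:
                break
            off += size
        else:
            return pos                            # whole chain validated
        pos = data.find(b"\xff", pos + 1)
    return None

def repair(data: bytes):
    """Drop the encrypted prefix; return the audio from the first clean frame,
    or None so the caller can skip a file that fails the sanity check."""
    pos = find_resync(data)
    return None if pos is None else data[pos:]

def constructed_sample() -> bytes:
    """Constructed input: filler prefix, a false sync in junk, then 8 real frames."""
    frame = b"\xff\xfb\x90\x00" + bytes(413)      # 128 kbps, 44.1 kHz, 417 bytes
    junk = b"\xff\xfb\x90" + b"\x11" * 100        # looks like a header, is not a frame
    return b"\xaa" * ENCRYPTED_PREFIX + junk + frame * 8

if __name__ == "__main__":
    fixed = repair(constructed_sample())
    print(len(fixed), "bytes kept, starting with", fixed[:4].hex())
```

Requiring a chain of frames is what rejects the false sync in the junk bytes: a lone 0xFF pattern parses as a header, but the position it points to does not hold another one.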
So, if you have any of those and would like me to repair them, please share them with me. I’ll then try to adjust the tool to repair them and send it to you so you can repair the rest of the files. It is important to realize that 100% perfect repair is not possible and that a portion of the data, the encrypted portion, is lost.
Drop me an email and the URL where you’ve uploaded them (Google Drive or similar).
If time permits I’ll keep adding more file types.
Help me help you: Request for files to investigate
For me to work out a more or less generic file repair option for a specific file type, I need files that were encrypted by the ransomware AND intact files shot with the same device.
Right now I need WAV files and MP4 files. If you have encrypted files plus an INTACT file shot with the same device, then it would help if you shared those with me (using Google Drive or similar). Send me the shared URL and I will be very grateful. It’s no use sending me files without a reference file.
Next step, MP4 support?
Compiled a separate tool, an MP4 analyzer, to investigate MP4 video and STOP/DJVU-affected videos.
“Stop is believed to be the most active ransomware in the world, accounting for more than half of all ransomware infections, according to figures from ID-Ransomware, a free site that helps identify infections. But Emsisoft said that figure is likely to be far higher.” – source, https://techcrunch.com/2019/10/18/stop- … ion-tools/
Repair of encrypted files normally is not possible, but as STOP/DJVU variants only encrypt part of the files, some file types allow for partial repair. This can be observed most clearly in an image, here in JPEG-Repair, which is being used to repair a corrupt photo affected by STOP/DJVU:
See it in action + download URL latest build: