September 8, 2021

My sister’s PC just got attacked by Djvu EDFC ransomware

This is a new laptop and she was trying to install cracked software, which also means that not all of her data was on this new laptop but it was significant. Windows became unresponsive with continuous BSD, I am a little tech savy and although I have some experience dealing with these situations since this was a new laptop I did not care to check the files and immediately started to tackle the malware and did not realise it to be ransomeware attack, tried running malwarebytes it found and fixed 6 threats, bitdefender found none but still windows wasn’t respnding at all then I used system restore (at that time it had 4 restore points ) to go back to a stable state from troubleshoot it did not helped with the responsiveness, it kept changing screen resolutions and increased/decreased windows scaling. Laptop had another user and that user was working comparitively better, So, I ran TRON Script using that user and got rid of the virus completely. Then when I told her to check the files she said extensions of all the files are changed. Only then I realised that it was a ransomware attack.

Now, there is only one restore point that TRON made before removing the virus and the files are encrypted via online ID so cannot decrypt using the EMSIS software either. If only I had realised this to be a rasnome attack earlier I could have accessed files using shadow explorer and I remember a 50GB difference in the drives after and before the removal of virus that was probably the untouched files form the PC that the attack hid from the original folders, I don;t know I am guessing.

I am even more frustrated than her. If someone like me cannot react or get a hold of this situtation one can only imagine what its like for more grounded users.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.