Warning, aggressive malware on Windows 11 active!

AnonSunamun
2 years ago

UPDATE! Click HERE for the most appre ... sorry, comprehensive and accurate info on the ransomware I could find!

Other related updates are at the bottom of this article.

This is not a drill!

I've just barely, and not entirely successfully, been able to prevent my Windows 11 box from being encrypted and ransomed! I was lucky that I was paying attention and saw a window pop up and vanish within a tenth of a second, which made me suspicious.

Wait for a second, what's going on?

Next, I noticed my Defender icon came up with an exclamation mark. In my notifications (which didn't pop up as they should have) was the customary notice that Windows Defender had been disabled. I immediately went into my task hacker (Task Manager on steroids, but Task Manager would have done nicely as well) and started ending active tasks I didn't recognize. Most were named with numbers only.

Had to be quick though!

As soon as I ended one task another activated, but the task manager I used automatically shows the task chain (which task started which task, so to speak), so I could identify the task that started it all, an inactive background task, and end that. This gave me the chance to catch up and eventually end all the suspect tasks. The next thing I did was shut down the system. Of course, Windows Update couldn't care less about what was going on and happily started to update (telling me, of course, not to turn off the power).

Nailbiting!

The wait for the update to finish and the machine to shut down was agonizing. I was pretty confident I'd shut down all the processes and running tasks that were related to (what I later identified to be) the ransomware encryption process. But I wasn't completely sure, which meant that if I had goofed up, the malware was now encrypting my drives without interference while Windows updated some stupid stuff.

My fortune fell to my side for once, though I didn't know that at the time.

Next course of action.

Next I dug up the USB stick with the Windows 11 install image on it and booted from that. Then I went into repair and so on to try a restore point. I knew I had one barely a week old (can't remember why I made it, but I'm glad I did) and I set the setup application to restore the computer to that point in time.

(CLICK HERE FOR INSTRUCTIONS ON HOW TO RESTORE IN W11)

Before doing the actual restore I ran the check to see which apps were affected and decided I could live with that. Only 4 apps I had uninstalled would return and only 2 apps I had installed would disappear. Not too big of a problem. So I went on with the restoration, waited, and nervously anticipated the reboot.

After the reboot I immediately installed the Malwarebytes Premium 14-day trial and had it scan my computer thoroughly. Unfortunately, whatever file the malware was in was removed by the restore operation, so I cannot say which it was. I know that Windows Defender was up and running when it happened and obviously failed to protect me.

Looking deeper into my drives and apps, though, I noticed I wasn't completely fast enough and some damage had been done. Steam's main folder was devoid of executables, and anything possibly resembling configuration files or other files with possibly interesting information was gone. In the folder I found a text file called _readme.txt, and its content confirmed what I'd suspected from the start: ransomware!

The _readme.txt content:

ATTENTION!

Don't worry, you can return all your files!

All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

The only method of recovering files is to purchase decrypt tool and unique key for you.

This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.

But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

https://we.tl/t-qqj8MrDVtG

Price of private key and decrypt software is $980.

Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

support@sysmail.ch

Reserve e-mail address to contact us:

helprestoremanager@airmail.cc

Your personal ID:

[ON THIS LOCATION WAS A LONG STRING OF NUMBERS AND LETTERS IN CAPS AND SMALLCAPS THAT IS IDENTIFIABLE FOR THEM PESKY LAMERS, oops I meant HACKERS, SO I REPLACED IT WITH THIS TEXT]

Only 4 folders were affected.

I was damned lucky I could act as quickly as I did, limiting the damage to only 4 folders. Steam (reinstall, copy the exes to the old location, and Steam was back with the library intact), WriteMonkey, and some other apps seem to have been affected.
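As an added example, not code from the original article: a small triage script that walks a folder tree, flags `_readme.txt` ransom notes carrying the phrases quoted above, and lists files whose byte entropy suggests they have been encrypted (a Steam folder full of high-entropy "executables" is a quick tell). The 7.2-bit threshold, the 64 KiB sample size and the constructed sample files in `demo()` are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

NOTE_NAME = "_readme.txt"                          # file name quoted in the post
NOTE_MARKERS = ("ATTENTION!", "Your personal ID")  # phrases from the quoted note
ENTROPY_THRESHOLD = 7.2  # bits/byte; assumed cut-off, encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given bytes (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_ransom_note(path: str) -> bool:
    """True if the file is named _readme.txt and carries the note's markers."""
    if os.path.basename(path) != NOTE_NAME:
        return False
    with open(path, "r", errors="ignore") as fh:
        text = fh.read(4096)
    return all(marker in text for marker in NOTE_MARKERS)

def triage(root: str) -> dict:
    """Walk root; return sorted lists of ransom notes and high-entropy files."""
    notes, suspect = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_ransom_note(path):
                notes.append(path)
                continue
            with open(path, "rb") as fh:
                head = fh.read(65536)
            # tiny files are skipped: entropy over a few bytes is meaningless
            if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
                suspect.append(path)
    return {"notes": sorted(notes), "suspect": sorted(suspect)}

def demo() -> dict:
    root = tempfile.mkdtemp()  # constructed sample folder, not real victim data
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("ATTENTION!\nDon't worry, you can return all your files!\n"
                 "Your personal ID:\nPLACEHOLDER-ID\n")
    with open(os.path.join(root, "game.exe"), "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for an encrypted executable
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("plain text, low entropy\n" * 40)
    return triage(root)
```

Run `triage()` against a copy of the affected folder from a clean boot, never from the infected session.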

Still investigating! But here's the summary so far:

I found out that this ransomware has been identified. It is called STOP Djvu! It's a new variation on an older one, but it's got some nasty mutations: when the encryption occurs with an online connection, the encryption key is unique and, currently, undecipherable in any way. It also manages to fool Windows Defender.

Anyway, I just wanted you all to have this warning, so you can take your own measures to prevent all your files from becoming encrypted and you basically getting f%#$d by this new variant (2 days old).

UPDATE 2: I was less fortunate than I thought. It seems many files were encrypted and are unrecoverable. So, excuse me while I go cry and feel sorry for myself a couple of hours.

Stay safe and stay happy!

@AnonSunamun


Comments

Woah, I like these sounds; it gives me a nervous feeling, like I am on the field of battle. It's also nice to have it like this if you are affected in the area. Thanks for giving ideas, my friend; I hope it helps a lot.

2 years ago

Well, I wasn't able to make it autoplay, which is unfortunate. As of the moment I posted this article, this version of this ransomware was not detected by Windows Defender or most other antivirus suites. As of this moment, though, I think there are only 2 antiviruses that don't pick it up yet.

But the sound is an absolutely awesome one if you're looking to raise an alarm, that's for sure!

2 years ago

It has been quite some time since I stopped using Windows at all, and if I need Windows, I run it on a virtual machine that only connects to the internet to install the things I need; after that, it is a box. Since I started using Ubuntu, I haven't gone back to Windows because, in reality, now I feel like I am using something new. After all, ten has changed many things since my days. I started with Win98 and left at Win7, so to me it feels weird using a PC that runs Win11. I can still use the OS, but I prefer Ubuntu even on my new PC bought this year; I went straight to Linux.

You don't have to worry about malware when using Linux because Linux distros are more secure. After all, the root is not protected by default. With the command line, you can mitigate and block any intruders.

I hope you install an antivirus in your next project to ensure your Windows OS stays out of trouble.

2 years ago

My usage of Windows 11 isn't entirely voluntary, tbh, but more something forced by circumstance. I'm studying for the MS-900 exam (Office 365) and the AZ-104 exam (Microsoft Azure Administrator) to get properly certified for a job that I've been offered. Besides that, I'm disappointed in Linux gaming to the extent that God of War, Cyberpunk 2077, Mass Effect Legendary, Skyrim Anniversary Edition, and Red Dead Redemption 2 simply won't run (acceptably) on Linux. Then there's my son, who's been known to play Minecraft Windows 10 Edition (with ray tracing and all) while streaming it live through OBS, which is not an entirely satisfactory experience on Linux either.

So for those things I'm condemned to using Windows. For anything else, though, I'm a long-time Garuda Linux user, and have had reason to use Tails on occasion.

I've been with Microsoft, though, since DOS, in the days before Windows, and lived through them all, from 3.0 through NT4, 95, 98, XP, ME and so on, all the way to 11 now. So it's not like I'm not familiar with the "Windows" phenomenon or anything.

And the thing about antivirus is that, when put head to head, there are few if any antivirus software packages out there which don't cost you upwards of $50 that can beat Windows Defender. I've read that except for Emsisoft, no antivirus software would have recognized the ransomware before yesterday, so I kind of feel that antivirus software wouldn't have made a big difference.

I've been able to save the documents, pictures and most of the AppData, so compared to many I've been lucky. I'll be backing up that data and then low-level formatting the NVMe to do a fresh Windows 11 install from scratch. Then I'll image it and make that into a bootable USB, so I can easily reimage if I need to.

By the way, many, many thanks for becoming a sponsor! I am honored that you find my articles worthy enough to be associated with your name! I hope I'll live up to your expectations!

Regards, Christ

2 years ago

My sponsorship didn't have anything to do with the article. Still, I do like the idea of coincidences in this world; reading your article and giving you the sponsorship was something the universe was planning on. Believe me, that decision came out of thin air.

I hope you understand what I am trying to say is just that it was meant to be.

2 years ago

I'm counting it as a win in any case! :-)

2 years ago

Wow, these sounds are intense, like you are on the battlefield. It's a good thing you were able to prevent other folders from getting affected; it could have ended up badly.

2 years ago

Well, as you can see from the last update in the article, I cheered too soon. I was able to prevent documents, pictures, MP3s and things like that from being lost (most of them, anyway), but other than that, the installed apps, downloads, installed games and whatnot were all irrecoverably lost. So I am going to have to do a complete wipe and install, I'm afraid.

2 years ago