Ransomware

New instances of STOP Ransomware (DJVU Ransomware) continue to damage users files all over the world. This crypt-virus uses complex AES encryption algorithm to block users access to their data and extort a ransom of $490 or $980. New variations of extensions appeared in August, 2019, are: .londec, .krusop, .masok or .brusaf. Ransomware adds such suffixes to the end of encrypted files. If your files got such ending and are not accessible, it means your PC is infected with STOP Ransomware. Malware developers slightly modify the virus technically. As you can see from the message above hackers offer to decrypt 1 file for free and provide a "discount" if the user pays within the first 72 hours. However, those are, often, false promises and malefactors do not reply after receiving the payment. Luckily in some cases, your files can be decrypted. This can be possible if there was some internet connection loss or malfunction of hacker's servers during the encryption process. In this situation, STOP Ransomware uses an offline key, that can be calculated by a special tool called STOPDecrypter. Please, download it below, and read instructions on how to use it carefully.

Nvetud Ransomware, Zatrov Ransomware, Lotej Ransomware and Kovasoh Ransomware are devastating encryption viruses from the series of STOP Ransomware (DJVU Ransomware). They've got their names from .nvetud, .zatrov, .lotej or .kovasoh extensions, that ransomware adds to the end of encrypted files. From a technical point of view, the virus remains the same as previous versions. From this note, we can learn, that malefactors offer to decrypt 1 file for free and can provide a "discount" if the user pays fast (within first 72 hours). Our experience and reports from multiple victims show, that those are false promises. Hackers rarely reply back after receiving the payment. However, do not despair - there are cases when your files can be decrypted. If during encryption process there was some internet connection loss or malfunction of hacker's servers, STOP Ransomware uses an offline key, that can be retrieved by a special tool called STOPDecrypter. Please, download it below, and read instructions on how to use it carefully. If STOPDecrypter is unable to help you, you can try some alternative methods to restore your photos, documents, videos, etc.

Nelasod Ransomware, Prandel Ransomware, Cosakos Ransomware and Mogranos Ransomware are the subtypes of STOP Ransomware (or DJVU Ransomware) and has all the characteristics of this family of viruses. Malware blocks access to the data on victim's computers by encrypting it with AES encryption algorithm. STOP Ransomware is one of the longest living ransomware. First infections were registered in December 2017. STOP Ransomware is yet another generation of it and appends .cosakos, .prandel, .mogranos or .nelasod extensions to encrypted files. Following the encryption, the malware creates ransom note file: _readme.txt on the desktop and in the folders with encoded files. In this file, hackers provide information about decryption and contact details, such as e-mails: gorentos@bitmessage.ch, gorentos2@firemail.cc and Telegram account: @datarestore. Good news is: there is a possibility for successful file decryption. However, several conditions should match. If affected PC was not connected to the internet, or malicious server, that generates keys was not accessible at the moment of infection there is a tool called STOPDecrypter, can decrypt files, encrypted by STOP Ransomware. We provide download link and instructions on how to use it below in the article.

STOP Ransomware is a large family of encryption viruses with over than year history. It has undergone multiple visual and technical modifications during the time. This article will describe the peculiar properties of the latest versions of this malware. Since the end of July, STOP Ransomware started to add following extensions to encrypted files: .access, .format, .ntuseg or .ndarod. They are sometimes called "Access Ransomware", "Format Ransomware", "Ntuseg Ransomware" and "Ndarod Ransomware" respectively. Virus modifies the "hosts" file to block Windows updates, antivirus programs, and sites related to security news. The process of infection also looks like installing Windows updates, the malware generates a fake window and progress bar for this. The cost of decryption of files encrypted by STOP Ransomware is $980 (or for $490, if the ransom is paid within 72 hours). Hackers should send special decryption tool, that will decode affected files. However, we must warn the victims, that malefactors often don't keep promises, and don't send the decoder. We recommend you to remove the active infection of STOP Ransomware and use decryption tools available. STOPDecrypter is capable of decryption of .access, .format, .ntuseg or .ndarod files. You can also try a manual guide in this article to attempt restoring files. Usage of file-recovery software can also help users recover some copies of files, that were removed earlier.

STOP Ransomware is computer virus-extortioner, with a global impact. It was developed by cyber-racketeers to blackmail users worldwide. Malware blocks access to user's documents, photos, databases, music, mail, archives by encrypting them with AES encryption algorithm and demand ransom from $490 to $980. The modification of the virus, that we are investigating now adds .novasof, .bopador, .todar or .dodoc extensions to affected files and has many other characteristic signs. For example, all latest versions of STOP Ransomware use _readme.txt ransom note file with typical message. The particular version under research today, uses following e-mail addresses: gorentos@bitmessage.ch and gorentos2@firemail.cc. Developers of STOP Ransomware promise to send decryption tool in exchange for $980 (or for $490, if the ransom is paid within 72 hours). There is no reason to trust the hackers and succumb to intimidation. There is a chance to return your data and decrypt .novasof, .bopador, .todar or .dodoc files without paying the ransom. You need to remove malware from your computer using one of the certified tools provided in the article.