How to remove STOP Ransomware and decrypt .pdff, .tro or .rumba files

Standard

This article contains information about version of STOP Ransomware that adds .pdff, .tro or .rumba extensions to encrypted files, and creates _openme.txt ransom note file on the desktop and in the folders with affected files. This variation first appeared in January, 2019 and almost identical to previous .puma Ransomware and .djvu Ransomware. Ransomware virus still uses AES encryption algorithm and still demands ransom in BitCoins for decryption. All three varieties belong to one author, because they are using the same e-mail addresses for communication: pdfhelp@india.com and pdfhelp@firemail.cc. From the file above we can learn, that hackers offer 50% discount for decryption, if ransom amount is paid within 72 hours. However, from our experience, this is just a trick to encourage person to pay the ransom. Often malefactors don’t send decryptor after this. We recommend, that you remove active infection of STOP Ransomware and preserve your files until decryption tool appears. Until that time, you can try manual instructions on this page to attempt restoring encrypted files.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close