New generation of STOP Ransomware (DJVU Ransomware) started to add .norvas and .moresa extensions to encrypted files since April, 17th. We remind you, that STOP Ransomware belongs to family of crypto-viruses, that extort money in exchange for data decryption. Last examples of STOP Ransomware are sometimes categorised as DJVU Ransomware, as they use identical template of ransom notes since the beginning of 2019, when .djvu extensions were appended. Norvas Ransomware uses new email addresses, that were never used before: firstname.lastname@example.org and email@example.com. In this version, victims can also contact extortionists via Telegram account: @datarestore. The decryption of files encrypted by STOP Ransomware still costs $980 (or $490 if ransom is paid within 72 hours). Our team does not recommend you paying the ransom. There are frequent cases when, hackers don’t reply after receiving the payment. Most of recent versions of STOP (DJVU) Ransomware were successfully decrypted by security specialists and enthusiasts. Below in the article, you can find download button for STOPDecrypter, decryption utility, that is constantly updated by developers. It is able to decrypt .norvas files for free or will be able to recover them in a few days or weeks.
STOP Ransomware (DJVU Ransomware) is high-risk widespread encryption virus, that first appeared near 1 year ago. It experienced several visual and technical changes throughout the time. In this tutorial we will analyse recent versions of this dangerous malware. In April of 2019, STOP Ransomware started to add following extensions to encrypted files: .browec, .guvara, .etols, .grovat or .grovas. They are sometimes called “Browec Ransomware”, “Guvara Ransomware”, “Etols Ransomware”, “Grovas Ransomware” and “Grovat Ransomware” respectively. Virus also modifies the hosts file to block Windows updates, antivirus programs, and sites related to security news or offering security solutions. The process of infection also looks like installing of Windows updates, malware shows fake window, that imitates update process.
STOP Ransomware is large family of encryption viruses with over than a year history. It has undergone multiple visual and technical modifications during the time. This article will describe peculiar properties of latest versions of this malware. Since the end of March, STOP Ransomware started to add following extensions to encrypted files: .raldug, .refols, .roland, .tronas or .trosak. The cost of decryption of files encrypted by STOP Ransomware is $980 (or for $490, if ransom is paid within 72 hours). Hackers should send special decryption tool, that will decode affected files. However, we must warn the victims, that malefactors often don’t keep promises, and don’t send the decoder. We recommend you to remove active infection of STOP Ransomware and use decryption tools available. STOPDecrypter is capable of decryption of .raldug, .refols, .roland, .tronas or .trosak files. You can also try manual guide in this article to attempt restoring files.
Notorious STOP Ransomware continues its distribution with minor modifications. Since the end of February 2019, new extensions appeared: .kropun, .kropun1, .kroput or .kroput1. At the same time, it distributes the AZORult trojan-stealer, which steals confidential information. It is capable of stealing various user data: information from files, browser history, passwords, cookies, online banking credentials, crypto-currency wallets, and more. Virus modifies the hosts file to block Windows updates, antivirus programs, and sites related to security news, selling antivirus software. This version of STOP Ransomware still uses following e-mail addresses: firstname.lastname@example.org and email@example.com.
Promos Ransomware is another generation of STOP Ransomware family from the same authors. This virus aims important user’s files, such as documents, photos, databases, music, mail. Ransomware encodes them with AES encryption and adds .promos, .promoz,.promock, .promorad, .promorad2 or .promok extensions to affected files. All these variations use similar algorithms, however, to this moment only .promos files encrypted by STOP Ransomware can be decrypted using STOPDecrypter (provided below). Authors of Promos Ransomware promise to send decryption tool for encrypted files in exchange for $980 (or for $490, if ransom is paid within 72 hours). We must warn the victims, that malefactors often don’t keep promises, and cheat users without sending a decoder. We recommend you to remove active infection of STOP Ransomware and use decryption tools available for .promos files. Keep encrypted files, that cannot be decrypted yet (.promoz, .promok, .promock, .promorad), to the moment, when decryption tool will be updated. Now you should try manual guide in this article to restore files. Usage of file-recovery software can also help users return some copies of files, that were removed earlier.