Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove STOP Ransomware and decrypt .vesrato, .masodas, .nuksus or .pedro files

The epidemy of STOP Ransomware still goes on. This nasty virus hits thousands of computers all over the world, mostly targeting USA, Europe and Australia. The most recent version uses .vesrato, .masodas, .nuksus or .pedro extensions, that it adds to the end of encrypted files. As DJVU Ransomware uses AES encryption algorithm, probability of decryption is low, but exists. STOP Ransomware damages user's important data: photos, videos, documents and other types of information, victims are ready to pay ransom for. At the same time, it doesn't touch system files to keep Windows operable. Latest generation of this virus creates ransom note file called _readme.txt. The ransom note is typical. Malefactors let victims get acquainted with the conditions and price of the ransom, which is $980 and disclose e-mail addresses for contact gorentos@bitmessage.ch and gorentos2@firemail.cc. Although, developers affirm, that there is not possible to recover files without paying the ransom, the objective situation is different. The virus code has bugs, that allows security specialists to retrieve the key in some cases. Particularly, if the PC is disconnected from the web during encryption process, or hackers servers are unavailable - STOP Ransomware generates an offline key. This key, can be found with special decryption tool called STOPDecrypter. Below we provide you with download links and instruction to use this utility.

How to remove STOP Ransomware and decrypt .nacro, .mtogas, .coharos or .nasoh files

New wave of STOP Ransomware infection continues with .nacro, .mtogas, .coharos and .nasoh variations. Those extensions are added to encrypted files in the middle of August of 2019. This tricky virus uses AES encryption algorithm to encode user's important information. As a rule, STOP Ransomware attacks photos, videos and documents - data, that people value. The malware developers extort ransom and promise to provide decryption key in return. In the ransom note, we can see, that malefactors demand $980 (amount can be reduced if paid within the first 72 hours). Hackers offer victims to contact them via e-mails: gorentos@bitmessage.ch and gorentos2@firemail.cc. In most cases algorithms of STOP Ransomware are unbreakable. But virus code has its flaws. Particularly, if attacked PC lost internet connection during ransomware activity or hackers servers experienced some sort of malfunction, there are high chances to recover your files. In this case, STOP Ransomware generates an offline key, that can be retrieved by special decryption tool - STOPDecrypter.

How to remove STOP Ransomware and decrypt .londec, .krusop, .masok or .brusaf files

New instances of STOP Ransomware (DJVU Ransomware) continue to damage users files all over the world. This crypt-virus uses complex AES encryption algorithm to block users access to their data and extort a ransom of $490 or $980. New variations of extensions appeared in August, 2019, are: .londec, .krusop, .masok or .brusaf. Ransomware adds such suffixes to the end of encrypted files. If your files got such ending and are not accessible, it means your PC is infected with STOP Ransomware. Malware developers slightly modify the virus technically. As you can see from the message above hackers offer to decrypt 1 file for free and provide a "discount" if the user pays within the first 72 hours. However, those are, often, false promises and malefactors do not reply after receiving the payment. Luckily in some cases, your files can be decrypted. This can be possible if there was some internet connection loss or malfunction of hacker's servers during the encryption process. In this situation, STOP Ransomware uses an offline key, that can be calculated by a special tool called STOPDecrypter. Please, download it below, and read instructions on how to use it carefully.

How to remove STOP Ransomware and decrypt .nvetud, .zatrov, .lotej or .kovasoh files

Nvetud Ransomware, Zatrov Ransomware, Lotej Ransomware and Kovasoh Ransomware are devastating encryption viruses from the series of STOP Ransomware (DJVU Ransomware). They've got their names from .nvetud, .zatrov, .lotej or .kovasoh extensions, that ransomware adds to the end of encrypted files. From a technical point of view, the virus remains the same as previous versions. From this note, we can learn, that malefactors offer to decrypt 1 file for free and can provide a "discount" if the user pays fast (within first 72 hours). Our experience and reports from multiple victims show, that those are false promises. Hackers rarely reply back after receiving the payment. However, do not despair - there are cases when your files can be decrypted. If during encryption process there was some internet connection loss or malfunction of hacker's servers, STOP Ransomware uses an offline key, that can be retrieved by a special tool called STOPDecrypter. Please, download it below, and read instructions on how to use it carefully. If STOPDecrypter is unable to help you, you can try some alternative methods to restore your photos, documents, videos, etc.

How to remove STOP Ransomware and decrypt .cosakos, .prandel, .mogranos or .nelasod files

Nelasod Ransomware, Prandel Ransomware, Cosakos Ransomware and Mogranos Ransomware are the subtypes of STOP Ransomware (or DJVU Ransomware) and has all the characteristics of this family of viruses. Malware blocks access to the data on victim's computers by encrypting it with AES encryption algorithm. STOP Ransomware is one of the longest living ransomware. First infections were registered in December 2017. STOP Ransomware is yet another generation of it and appends .cosakos, .prandel, .mogranos or .nelasod extensions to encrypted files. Following the encryption, the malware creates ransom note file: _readme.txt on the desktop and in the folders with encoded files. In this file, hackers provide information about decryption and contact details, such as e-mails: gorentos@bitmessage.ch, gorentos2@firemail.cc and Telegram account: @datarestore. Good news is: there is a possibility for successful file decryption. However, several conditions should match. If affected PC was not connected to the internet, or malicious server, that generates keys was not accessible at the moment of infection there is a tool called STOPDecrypter, can decrypt files, encrypted by STOP Ransomware. We provide download link and instructions on how to use it below in the article.