Sat. Jun 6th, 2020

Security Research Firm Releases Decryptor for STOP Ransomware

Ransomware victims, rejoice! A decryptor for the STOP ransomware has been released.

 

New-Zeland based company, Emsisoft, has built a decryptor that can recover files for 148 variants for STOP, which is the most prevalent ransomware seen in the wild. Even more, STOP accounts for more than half of all ransomware infections.

 

According to ransomware identification site, ID-Ransomware, there have been more than 116,000 submissions related to the STOP ransomware. But researchers at Emsisoft say the figure is likely much higher. For this reason, the release of Emsisoft’s decryptor tool is a huge achievement.

 

It’s worth noting, however, that anyone whose files were encrypted after August 2019 is infected with a new variant, and, sadly, the decryptor does not support this variant.

 

For victims infected with an older variant, before decrypting your files, confirm if you were encrypted with a supported extension. The supported extensions are:

 

 

Source: Bleeping Computer

 

Also worth noting, to use the service, victims also have to find some encrypted files and their originals that match the following requirements and train the decryption service using them.

  • Must be the same file before and after encryption
  • Must be a different file pair per file type you wish to decrypt
  • Must be at least 150KB

 

Victims must also upload an encrypted and unencrypted pair to train the service. Once the service is trained with a file type, it can be used to decrypt all files on your computer of that same type, Bleeping Computer reports.

 

And once you have a pair of files, go to https://decrypter.emsisoft.com/submit/stopdjvu/ and upload the files using the page’s form.

 

For more information, go to the Bleeping Computer forums — Gillespie’s main source for keeping victims updated on his findings.