
STOP Ransomware (.STOP .Djvu, .Puma, .Promo) Support Topic


12108 replies to this topic

#8461 laso


Posted 18 October 2019 - 06:28 AM

ATTENTION!


Don't worry, you can return all your files!

All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.

The only method of recovering files is to purchase decrypt tool and unique key for you.

This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.

But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

https://we.tl/t-9POwROFXcM

Price of private key and decrypt software is $980.

Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.



To get this software you need write on our e-mail:

gorentos@bitmessage.ch


Reserve e-mail address to contact us:

amundas@firemail.cc


Your personal ID:

0172au5ewgSYfg72PjZASYOj7WqutozjdxKqpKBvtpM5VF84YuVh0dQL

 

Is there any chance for this?




 


#8462 quietman7


Posted 18 October 2019 - 06:54 AM

> I have also .bora files infected. Did you use STOPDecrypter?

Per the first page of this topic.... The newest extensions released around the end of August 2019 AFTER the criminals made changes.... are not supported by STOPDecrypter since it no longer will be updated.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief



#8463 jordanakis


Posted 18 October 2019 - 07:19 AM

 

> I have also .bora files infected. Did you use STOPDecrypter?
>
> Per the first page of this topic.... The newest extensions released around the end of August 2019 AFTER the criminals made changes.... are not supported by STOPDecrypter since it no longer will be updated.

Ok thanks. The text file that writes my ID is no longer available because my antivirus deleted all the text files. Is there any chance I can find it and see if it's offline decryption?

Thank you again



#8464 PendikAsyik


Posted 18 October 2019 - 08:48 AM

> The next STOP ransomware decryptor from Michael will be much better and simpler to use but for the moment victims can use this ugly decrypter_2 from the hackers.
>
> Decryption Instructions for .gero | .hese | .kvag | .meds | .moka | .nesa | .peta | .seto | .karl | .kuub | .reco | .noos | .bora variants if your files were encrypted by the OFFLINE KEY
>
> UPDATE 10/04/19: See Post #8083 for specific instructions related to the .karl variant.
> UPDATE 10/05/19: See Post #8108 for specific instructions related to the .kuub variant.
> UPDATE 10/15/19: See Post #8339 for specific instructions related to the .reco variant.
> UPDATE 10/16/19: See Post #8384 for specific instructions related to the .noos variant.
> UPDATE 10/16/19: See Post #8409 for specific instructions related to the .bora variant.
>
> Also be sure to read About ZIP crypted archives with the STOP (.djvu) ransomware variants.
>
> To download the decrypter_2.exe, click here. The decryptor is safe as shown here: virustotal report.
>
> 1. Back up all your encrypted files to an external drive before you start decrypting.
> 2. Download decrypter_2.exe
> 3. Start decrypter_2.exe
> 4. Copy and paste the key and fields for your variant.
> You need to copy-paste the Private key with -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----
>
> You will find below the:
>
> OFFLINE KEY for .seto.
> OFFLINE KEY for .gero.
> OFFLINE KEY for .hese.
> OFFLINE KEY for .kvag.
> OFFLINE KEY for .meds.
> OFFLINE KEY for .moka.
> OFFLINE KEY for .peta.
> OFFLINE KEY for .nesa.
>
> 5. Select the button Decrypt file to make a test with one file before selecting Decrypt Folder or Start.
>
> It will decrypt your STOP data crypted with the offline key.
> Many victims have files crypted by both an online key and the offline key so it may not decrypt all your files.
>
> Kind regards,
> Emmanuel emte@adc-soft.com
> --
> Emmanuel Teillard d'Eyry – Support Manager https://adc-soft.com/decryptage/ransomware.php
> ADC-Soft | 18bis, rue de l’Est – 92100 Boulogne-Billancourt (France)
> Partner of Dr.Web | Twitter: @Emm_ADC_Soft
>
> If I have helped and you would like to consider a donation, click here.

Hello, I'm from Indonesia
 
I would like to thank you for your hard work to help victims recover important data encrypted by ransomware with the help of decrypter_2.exe
 
 
Is there a choice of languages for Indonesian or English to be easily understood by those who will make donations?
 
Because I and also the victims of ransomware want to be a little / thank you for your services, but confused because the forum / website that you provide in French / Portuguese I do not understand.
 
Hopefully there is an easy way to make a donation to you. Thank you very much.
 
Pendik Asyik from Indonesia


#8465 kareemkoria


Posted 18 October 2019 - 08:49 AM


It says invalid key

#8466 Demonslay335


Posted 18 October 2019 - 10:04 AM

@all

 

New decryptor is released. Please READ the instructions.

 

https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#8467 unknownquinones


Posted 18 October 2019 - 11:31 AM

Thank you for the release of a new decryptor by Emsisoft. I had my encrypted (as an old variant) and original files paired and submitted to the server.

 

I was about to open the decryptor, but it won't work. I later realized that it was cleaned by an antivirus. What I did is to allow the device, and I successfully opened the decryptor. So, this serves as a reminder to those who are about to open the decryptor.

 

But when I was about to decrypt files, the decryptor was unable to decrypt my files. Will I have to wait for a while to have my ID reached to the server and make my decryption working? My Internet connection was working when the decryption attempt occurred.

 

Additionally, once my file pair was processed, the download link seems to be broken.


Edited by unknownquinones, 18 October 2019 - 11:32 AM.


#8468 cybercynic


Posted 18 October 2019 - 11:40 AM

> Thank you for the release of a new decryptor by Emsisoft. I had my encrypted (as an old variant) and original files paired and submitted to the server.
>
> I was about to open the decryptor, but it won't work. I later realized that it was cleaned by an antivirus. What I did is to allow the device, and I successfully opened the decryptor. So, this serves as a reminder to those who are about to open the decryptor.
>
> But when I was about to decrypt files, the decryptor was unable to decrypt my files. Will I have to wait for a while to have my ID reached to the server and make my decryption working? My Internet connection was working when the decryption attempt occurred.
>
> Additionally, once my file pair was processed, the download link seems to be broken.

Make sure you submitted an original/encrypted pair of the same file. File size must be greater than 154KB. And remember the decrypter will only attempt to decrypt files of the same file type as the submitted pair.

I would also run the decrypter with administrative rights. Upload a new pair for each file type you want decrypted.


Edited by cybercynic, 18 October 2019 - 11:51 AM.

 


#8469 amine39


Posted 18 October 2019 - 11:49 AM

It's so sad seeing this many victims over and over keep getting attacked :(

 

I am so sad for all of you



#8470 unknownquinones


Posted 18 October 2019 - 12:05 PM

I got it. Thanks! But, my biggest problem will be the .txt file type. I'll try the old STOPDecrypter for encryption for the purpose of file pairing, and then rename the file with my STOP extension.



#8471 Demonslay335


Posted 18 October 2019 - 12:06 PM

> Thank you for the release of a new decryptor by Emsisoft. I had my encrypted (as an old variant) and original files paired and submitted to the server.
>
> I was about to open the decryptor, but it won't work. I later realized that it was cleaned by an antivirus. What I did is to allow the device, and I successfully opened the decryptor. So, this serves as a reminder to those who are about to open the decryptor.
>
> But when I was about to decrypt files, the decryptor was unable to decrypt my files. Will I have to wait for a while to have my ID reached to the server and make my decryption working? My Internet connection was working when the decryption attempt occurred.
>
> Additionally, once my file pair was processed, the download link seems to be broken.

 

Oops, fixed the link. Thanks for reporting that.

 

As stated in the guide, the decryptor can only decrypt files with the same first 5 bytes as what you submitted. The submission form tells you the details of what it allows the decryptor to decrypt as shown in the article. You have to supply a file pair for each format you want to decrypt.

 

As for time, the second you upload those files and they are processed, the keystream is available to the decryptor the next time you hit "Decrypt".

 

Mind telling me what antivirus was blocking it so we can submit to them for whitelisting? The decryptor is signed by Emsisoft Ltd., so should be trusted by any reputable vendors.




#8472 Demonslay335


Posted 18 October 2019 - 12:13 PM

> I got it. Thanks! But, my biggest problem will be the .txt file type. I'll try the old STOPDecrypter for encryption for the purpose of file pairing, and then rename the file with my STOP extension.

 

You probably will not be able to decrypt other .txt files unless they were encrypted by an offline key. This is because the first 5 bytes are almost never going to be the same in text-based files; you can still try though if you have some good >150KB file pairs. There's nothing we can do otherwise in those cases.

 

Also, STOPDecrypter is officially discontinued and has been removed. It won't do anything that the Emsisoft decryptor cannot do.


Edited by Demonslay335, 18 October 2019 - 12:14 PM.
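
Added example, not part of any post in this thread and not Emsisoft's code: a triage script for the file-pair rule described in posts #8471 and #8472. It groups encrypted files by their first 5 bytes and reports, per group, whether an already submitted pair covers it and which files are large enough (>150KB) to be used in a new pair. It assumes the 5-byte comparison can be made on the encrypted files as they sit on disk; the `.locked` extension and the sample file contents are constructed.

```python
import os
import tempfile
from collections import defaultdict

HEADER_LEN = 5              # bytes the decryptor matches on, per the posts above
MIN_PAIR_SIZE = 150 * 1024  # ">150KB" per post #8472 (post #8468 says 154KB)


def header(path):
    """Return the first HEADER_LEN bytes of a file."""
    with open(path, "rb") as fh:
        return fh.read(HEADER_LEN)


def plan_pairs(root, ext, submitted_headers=()):
    """Group encrypted files by header: file count, covered or not, pair candidates."""
    groups = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(ext.lower()):
                path = os.path.join(dirpath, name)
                groups[header(path)].append(path)
    covered = set(submitted_headers)  # headers of pairs already uploaded
    plan = {}
    for hdr, paths in groups.items():
        big = sorted(p for p in paths if os.path.getsize(p) > MIN_PAIR_SIZE)
        plan[hdr] = {"files": len(paths), "covered": hdr in covered, "candidates": big}
    return plan


def demo():
    """Constructed sample: two JPEG-like files and two text files, made-up extension."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "a.jpg.locked": b"\xff\xd8\xff\xe0\x00" + b"\0" * (200 * 1024),
            "b.jpg.locked": b"\xff\xd8\xff\xe0\x00" + b"\0" * 1024,
            "notes.txt.locked": b"Dear Bob" + b"\0" * (200 * 1024),
            "todo.txt.locked": b"1. buy milk",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        plan = plan_pairs(root, ".locked", submitted_headers=[b"\xff\xd8\xff\xe0\x00"])
        return {h: (g["files"], g["covered"], len(g["candidates"])) for h, g in plan.items()}


if __name__ == "__main__":
    for hdr, summary in demo().items():
        print(hdr, summary)
```

In the constructed sample both JPEG-like files fall into one group that a single pair covers, while each text file forms its own group, which is the situation post #8472 describes for .txt files.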



#8473 cybercynic


Posted 18 October 2019 - 12:13 PM

Post deleted. 


Edited by cybercynic, 18 October 2019 - 12:16 PM.

 


#8474 unknownquinones


Posted 18 October 2019 - 12:14 PM

It's Windows Security only.



#8475 cybercynic


Posted 18 October 2019 - 12:18 PM

@Demonslay335:

 

Sophos Home Edition blocks it temporarily. Says it has 'low trust' - gives me the choice to allow the decrypter.


 




