
STOP Ransomware (.STOP .Djvu, .Puma, .Promo) Support Topic


12101 replies to this topic

#12046 quietman7

    Bleepin' Gumshoe

  • Topic Starter
  • Global Moderator
  • 61,901 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 16 January 2024 - 06:07 PM

Hi quietman7,

Hm.

A suggestion from my side would be to get at least rid of the hyperlinks.

But... sorry for even speaking up in this case. I only wondered why my 2 abuse reports from 10 hrs ago or so on said post got ignored.

I'm just a very casual poster here, so I will leave it at that.

Thanks for replying though.

No need to apologize. It's ok to speak your mind in the forum. Your abuse reports were not ignored. The other Mods leave reports from this forum for me to deal with. I did not notice the report until you mentioned it. I have sent you a PM.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief




#12047 quietman7


Posted 16 January 2024 - 06:16 PM

Scam!
I was a victim.
After I transferred $100, he sent some junk software. Cannot decrypt.

Yes it is a scam as I explained in my links. Your experience is not uncommon which is why we advise folks to not deal with them.
 

Ransomware victims should ignore all Google searches which provide numerous links to bogus and untrustworthy ransomware removal guides, including Facebook and YouTube videos, many of which falsely claim to have decryption solutions. After expert researchers write about a new ransomware or new variants, junk articles with misinformation are quickly written in order to scare and goad desperate victims into using or purchasing mostly sham removal and decryption software. Only use trusted sources when searching for information.

 

Please together report his YouTube channel

YouTube has their own reporting system...folks can report as instructed here.




#12048 Bokerss


Posted 16 January 2024 - 09:19 PM

 

Hi Chaillo

 

It allows us to point out such examples of bogus YouTube videos members should avoid as I explained in the links I provided in my previous reply.

 

I agreed with your view, it will provide some useful information to users so they can avoid this thing happening.
 



#12049 Panterman


Posted 17 January 2024 - 01:23 PM

Ok if this page is xxxxxxxxxxxxxxxxx,
and they also have an Instagram and YouTube account
the point is not to shut down the sites, but for the police to arrest them, right people?

Edited by buddy215, 17 January 2024 - 04:47 PM.
Removed Link


#12050 Panterman


Posted 17 January 2024 - 01:35 PM

What are the options for decrypting images and video files?



#12051 cybercynic


Posted 17 January 2024 - 01:53 PM

This is from Quietman (second post in the Ransomware forum):

 

ABOUT DATA RECOVERY & PARTIALLY ENCRYPTED FILES:
- All of the new STOP (Djvu) variants add 334 bytes to encrypted file size due to including the RSA-encrypted key, the ID and filemarker as explained here.

 
- STOP (Djvu) Ransomware only encrypts the first 150 KB of files and places a file marker in brackets (i.e. {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}) at the end of every encrypted file.
 
Since only parts of the file may actually be encrypted, data recovery software sometimes works to recover partially encrypted files with certain ransomware infections. Data Recovery uses complex algorithms that search for pieces (fragments) of recoverable information left on the hard drive in order to guess where the file was originally physically stored. The recovery program then attempts to put back together that information in a salvageable format. However, if the data has been overwritten, complete recovery cannot be guaranteed. Data recovery does not decrypt encrypted data. Some STOP (Djvu) files that are in encrypted ZIP archives may also be recovered. See my comments in this topic for more details in regards to the possible use of data recovery software.

 
JpegMedic ARWE and JpegMedic created by DecAns (Denis Anisimov) are tools for automatic batch recovery of JPEG files partially encrypted by STOP (Djvu) ransomware. For more information, please refer to Tool for batch recovery of JPEG files encryped by STOP (Djvu) or contact Jpegmedic Support (support@jpegmedic.com). UPDATE 01/14/22: JpegMedic ARWE is no longer available for free.
 
Media_Repair can be used to repair (not decrypt) audio/video files (WAV, MP3, MP4, M4V, MOV, 3GP) partially encrypted by ransomware.

 

 

Note that these are NOT decryption options, but REPAIR options. 

 

Your files were encrypted by the STOP ransomware using an online key. There is no decryptor available in this case. 


Edited by cybercynic, 17 January 2024 - 02:40 PM.

 


#12052 ShasankSIngh

  • Banned Spammer

Posted 20 January 2024 - 12:35 AM

I don't know if it's the right place to ask my question, if not I am sorry. I recently found all my files encrypted and I don't know what to do about it. I did notice .Lper extension in my files. All encrypted files got this extension and I am pretty sure none of my files had this extension before. Also, I found _readme.txt file in my system and it's asking me to pay $980 to decrypt my files. I did some Google search and found out my computer is infected with a Ransomware virus. There were several guides providing help with removing this virus and restoring my files. I am not tech-savvy, still, I tried to follow the instructions provided by one of the guides (here's the link to be exact). The guide mostly focused on removing the threat. Now I am not sure if the virus is really gone from my system or not. But my files are still encrypted. Is there any way to decrypt my files without paying the ransom??? I don't want to lose my files but I also can't afford to pay the ransom. What should I do?



#12053 quietman7


Posted 20 January 2024 - 05:49 AM

I don't know if it's the right place to ask my question, if not I am sorry. I recently found all my files encrypted and I don't know what to do about it. I did notice .Lper extension in my files. All encrypted files got this extension and I am pretty sure none of my files had this extension before. Also, I found _readme.txt file in my system and it's asking me to pay $980 to decrypt my files. I did some Google search and found out my computer is infected with a Ransomware virus. There were several guides providing help with removing this virus and restoring my files. I am not tech-savvy, still, I tried to follow the instructions provided by one of the guides (here's the link to be exact). The guide mostly focused on removing the threat. Now I am not sure if the virus is really gone from my system or not. But my files are still encrypted. Is there any way to decrypt my files without paying the ransom??? I don't want to lose my files but I also can't afford to pay the ransom. What should I do?

Please read the first page of the STOP (Djvu) Ransomware Support Topic for a summary of this infection, its variants, any updates and possible decryption solutions using the Emsisoft STOP Djvu Decryptor.

 

Can you provide the version number in your Personal ID? The version number is written at the beginning of the Personal ID from the ransom note as shown in the examples below.
0405wUsjdXJFz7zRlVCbZvlvLDMsiUEnx8jSIIXmystwek6dq
0482JIjdmFmkvujC5uEMrl3xuLmXizkPXn49jr0KPs9AMfOHC
0598JhyjdNYw6gtON0qO9IHMng7l9xlxxzXFHH7WpW7PngwTw
0819ASdwx2zqmFxw8ydx3wkiEeNayQ64Eyg2U5MS31sTegt1
Note: Ransomware victims should ignore all Internet web searches which provide numerous links to bogus and untrustworthy ransomware removal guides, including Facebook and YouTube videos, many of which falsely claim to have decryption solutions. After expert researchers write about a new ransomware or new variants, junk articles with misinformation are quickly written in order to scare, goad or trick desperate victims into using or purchasing mostly sham removal and decryption software. Victims typically are directed to download a multitude of unnecessary and useless tools. In some cases, unsuspecting victims may actually be downloading a fake decryptor resulting in double (multiple) encryptions that makes the situation even worse. Further, your personal and financial information is also at risk when dealing with scammers. Only use trusted sources when searching for information.

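A read-only triage sketch for the two facts quoted in this thread: the brace-wrapped filemarker at the end of each encrypted file (with the 334-byte trailer and 150 KB encrypted prefix), and the version digits that open a Personal ID. This is an added example, not code from any poster or from Emsisoft; the function names and the constructed sample are assumptions, and the filemarker GUID is matched generically because the thread gives only one example value.

```python
import re
from pathlib import Path

# Figures quoted in the thread for new STOP (Djvu) variants.
ENCRYPTED_PREFIX = 150 * 1024  # only the first 150 KB of a file is encrypted
TRAILER_SIZE = 334             # bytes appended: RSA-encrypted key, ID, filemarker
# Filemarker: a GUID in braces at the very end of the file. Matched generically
# (assumption: the GUID value may differ between variants).
MARKER_RE = re.compile(
    rb"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\Z")

def id_version(personal_id):
    """Return the 4-digit version at the start of a Personal ID, else None."""
    m = re.match(r"(\d{4})[A-Za-z0-9]+$", personal_id.strip())
    return m.group(1) if m else None

def triage_tail(size, tail):
    """Classify a file from its size and last bytes; None if no filemarker."""
    m = MARKER_RE.search(tail)
    if not m:
        return None
    body = max(size - TRAILER_SIZE, 0)  # estimate, using the thread's figure
    return {
        "marker": m.group().decode(),
        "estimated_original_size": body,
        "encrypted_bytes": min(body, ENCRYPTED_PREFIX),
        "intact_bytes": max(body - ENCRYPTED_PREFIX, 0),  # repair/recovery scope
    }

def scan(root):
    """Yield (path, report) for files under root ending in a filemarker.
    Opens files read-only and reads only the last 64 bytes of each."""
    for p in Path(root).rglob("*"):
        if p.is_file():
            size = p.stat().st_size
            with p.open("rb") as fh:
                fh.seek(max(size - 64, 0))
                report = triage_tail(size, fh.read())
            if report:
                yield p, report

# Constructed sample: 200 KB of filler plus a 334-byte trailer that ends with
# the example filemarker quoted in the thread.
SAMPLE_MARKER = b"{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}"
SAMPLE = (b"\x00" * (200 * 1024)
          + b"K" * (TRAILER_SIZE - len(SAMPLE_MARKER)) + SAMPLE_MARKER)

if __name__ == "__main__":
    print(id_version("0819ASdwx2zqmFxw8ydx3wkiEeNayQ64Eyg2U5MS31sTegt1"))
    print(triage_tail(len(SAMPLE), SAMPLE[-64:]))
```

Run `scan()` against a copy or a read-only mount of the affected data; the `intact_bytes` figure indicates how much of each file the repair tools mentioned in the thread have to work with.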


#12054 Cygan8888


Posted 20 January 2024 - 06:41 AM

Offline key: miqhSGmGE63yWs53FTz0fnp8eCARpnaYE3O3p2t1

ghas 2021-2024

 

Goodbye friends, no decryptor works. I won't recover my data anymore


Edited by Cygan8888, 20 January 2024 - 06:42 AM.


#12055 quietman7


Posted 20 January 2024 - 07:00 AM

Decryption of new STOP (Djvu) variants is possible IF infected with an OFFLINE KEY using the Emsisoft Decryptor only after obtaining and sharing the corresponding private key from victims who paid the ransom for a specific variant.  If there is no OFFLINE KEY available for any specific variant, then your files cannot be decrypted at this time. We have no way of knowing when or if a private key for an OFFLINE ID will be recovered and shared with Emsisoft. In fact many private OFFLINE KEYS are NEVER recovered and in most cases it's several months later when they are.

 

As with most ransomware the best solution for dealing with encrypted data after an infection is to restore from backups that have been isolated (offline) to a device not always connected to the network or home computer so they are unreachable. The only reliable way to effectively protect your data and limit the loss with this type of infection is to have an effective backup strategy. Without having safely stored backups to restore from, your data most likely is lost forever.




#12056 Chaillo


Posted 26 January 2024 - 05:04 AM

New variant reported with .cdxx (V0847) extension.

 



#12057 Chaillo


Posted 26 January 2024 - 05:51 AM

New variant reported with .cdcc (V0846) extension.


Edited by Chaillo, 26 January 2024 - 08:20 AM.


#12058 bulka907


Posted 28 January 2024 - 09:21 AM

Hi
I was attacked by Djvu ransomware, all files encrypted online keys, .cdtt added
I decrypted the music with the Media Repair program (https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp/), the photos with the jpegMedic arwe program (https://www.jpegmedic.com/tools/jpegmedic-arwe/).
Maybe it will be useful to someone.
I don't know yet how to handle .doc, .pdf, or Excel files

 

I also found two decryption programs, only in one my ID doesn't work (supposedly deleted), and in the other you also need to provide a key which I don't have


Edited by bulka907, 28 January 2024 - 09:23 AM.


#12059 quietman7


Posted 28 January 2024 - 04:03 PM

...I decrypted the music with the Media Repair program

Media_Repair can be used to repair (not decrypt),




#12060 Chaillo


Posted 05 February 2024 - 07:54 AM

New variant reported with .ldhy (V0849) extension.

 





