The most popular virus that hijacks your entire PC has been defeated: this is how they did it

Ransomware is one of the most dangerous types of malware found on the internet. If it manages to get into your computer, it can encrypt the most important files stored on it, such as photos or documents. Now, an antivirus company has published a tool that decrypts files locked by the most widespread ransomware in the world.

Data encrypted by STOP, the most widespread ransomware of 2019, can now be decrypted

We’re talking about the STOP ransomware. This malware has 160 variants and is estimated to have infected half a million computers worldwide. When an attacker encrypts your computer’s files, the only option they give you is to pay a ransom in bitcoins, which is usually a few hundred dollars. The attacker then asks you to send proof of payment to an email address, but those addresses usually disappear quickly because hosting services shut them down.

That’s one of the reasons why you should never pay a ransomware ransom. The other is that, after a while, tools usually come out that allow you to decrypt the data and recover it. These tools are released by antivirus companies, and in this case it was Emsisoft that released the tool for free.

This tool can decrypt files from 148 of the 160 variants of the STOP ransomware that date from before August 2019. STOP had been listed as the ransomware that infected the most computers in the second and third quarters of 2019, with Spain among the countries most affected. The tool will allow 70% of users infected by the ransomware to recover their data.

For the other 30%, the company has said that it cannot currently offer any solution, but it recommends that they back up the encrypted data, or remove the affected storage drive and not format it, in case a tool that can decrypt the data is released.

STOP appears in cracks and keygens of programs and games

The ransomware began to be distributed earlier this year through fake keygens and cracks for programs and games, available on various direct download and torrent portals. As soon as users opened the file, they became infected with the ransomware, which left a text message on the computer saying the attackers could decrypt one file from the computer for free to show that they had the key and could do it. They then charged $980 for decryption, though they had the “decency” to leave it at half price if payment was made within 72 hours of infection.

The tool is available on Emsisoft’s official website and includes a guide on how to use it to decrypt your files, which will have extensions such as .djvu, .rumba, .radman, .gero, etc. This variant of STOP is known as Djvu, but there is another one called Puma, whose decryption tool is also available. The latter can be easily identified because it changes the file extension to .puma, .pumas, .pumax, .INFOWAIT or .DATAWAIT.

Written by Alberto Garcia

Source > ZDNet