How to decrypt DJVU Ransomware files? Emsisoft Decryptor

Ransomware STOP/DJVU decryptor
Written by Brendan Smith

STOP/DJVU Ransomware encrypts victim’s files with Salsa20, and appends one of dozens of extensions to filenames; for example, “.mzlq”, “.covm”, “.mado”, “.gero”, etc.

The ransom note “_readme.txt” contains the following text:

ATTENTION!

Don't worry, you can return all your files!

All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

https://we.tl/t-WJa63R98Ku

Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

helpmanager@mail.ch

Reserve e-mail address to contact us:

restoremanager@firemail.cc

Your personal ID:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Note!

Remove the malware from your PC first; otherwise, it will lock your device or encrypt your data several times. If your current anti-virus tool does not remove this malware, it can be removed with the help of GridinSoft Anti-Malware.

If your system was infected through the Windows Remote Desktop function, we also strongly advise that you change the passwords of all users who are permitted to log in remotely, and inspect the local user accounts for extra accounts that the attackers may have created.

Warning: The decryptor needs an internet connection while it is running in order to get the decryption guidelines from the server.

Updated 31 May 2020

The .covm variant offline key was recovered by Emsisoft and added to the Emsisoft Decryptor server.

Updated 01 May 2020

Emsisoft has announced that the offline keys for .opqz, .nppp and .npsk have been recovered and uploaded to the Emsisoft Decryptor server.

Updated 06 Feb 2020

Emsisoft has announced that the offline keys for .alka and .repp have been recovered and uploaded to the Emsisoft Decryptor server.

Updated 20 Jan 2020

Emsisoft has obtained new OFFLINE KEYS for the .nbes and .mkos STOP (Djvu) ransomware variants and uploaded them to the Emsisoft Decryptor server.

Updated 06 Jan 2020

List of the 148 Stop/Djvu variants that Emsisoft can decrypt:

.shadow, .djvu, .djvur, .djvuu, .udjvu, .uudjvu, .djvuq, .djvus, .djvur, .djvut, .pdff, .tro, .tfude, .tfudet, .tfudeq, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promorad, .promock, .promok, .promorad2, .kroput, .kroput1, .pulsar1, .kropun1, .charck, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .vorasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .berost, .forasom, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidom, .pidon, .heroset, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .truke, .dalle, .lotep, .nusar, .litar, .besub, .cezor, .lokas, .godes, .budak, .vusad, .herad, .berosuce, .gehad, .gusau, .madek, .darus, .tocue, .lapoi, .todar, .dodoc, .bopador, .novasof, .ntuseg, .ndarod, .access, .format, .nelasod, .mogranos, .cosakos, .nvetud, .lotej, .kovasoh, .prandel, .zatrov, .masok, .brusaf, .londec, .krusop, .mtogas, .nasoh, .nacro, .pedro, .nuksus, .vesrato, .masodas, .cetori, .stare, .carote

Updated 02 Dec 2019

List of the New Stop/Djvu variants that Emsisoft can decrypt. FOR OFFLINE KEY ONLY!

.gero, .hese, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .noos, .kuub, .reco, .bora, .nols, .werd, .coot, .derp, .meka, .mosk

Updated 25 Nov 2019

Emsisoft has obtained OFFLINE KEYS for the following new STOP (Djvu) variants and uploaded them to the Emsisoft Decryptor server:

.gero, .hese, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .noos, .kuub, .reco, .bora, .nols, .werd, .coot, .derp, .meka, .mosk, .lokf, .peet, .mbed, .kodg

Updated 9 Nov 2019

Decryptor v.1.0.0.1 by Emsisoft can currently decrypt NEW Stop/Djvu variants with the following file extensions:

.gero, .hese, .seto, .peta, .moka, .meds, .kvag, .karl, .nesa, .noos, .kuub, .reco, .bora, .coot, .derp

Terms: Files encrypted with OFFLINE KEY.

There are certain limitations on which files can be restored. For all versions of STOP Djvu, files can be properly decrypted if they were encrypted with an offline key that the developers of the Emsisoft Decryptor have. For Old Djvu, files can also be decrypted by means of encrypted/original file pairs provided to the STOP Djvu Submission portal. Keep in mind that this does not apply to New Djvu, which was developed after August 2019.

What is a “file pair”?

This is a pair of files that are identical (as in they are precisely the same data), except that one copy is encrypted and the other is not. The STOP Djvu Submission portal can analyze the differences between an encrypted file and an original copy of the same file, allowing it to determine how to decrypt that file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back.

How to restore your files?

  1. Download the decryption tool [1] through the same website that developed this “How To” guide.
  2. Make sure to launch the decryption utility as an administrator. You need to agree to the license terms that come up. To do so, click the “Yes” button.
  3. As soon as you accept the license terms, the main decryptor user interface comes up.
  4. With the default settings, the decryptor automatically populates the list of locations to decrypt with the currently connected drives, including network drives. Extra (optional) locations can be added with the “Add” button.
  5. Decryptors normally offer several options depending on the specific malware family. The currently available options are shown in the Options tab and can be activated or deactivated there. A detailed list of the currently active options is given below.
  6. As soon as you have added all the desired locations to the list, click the “Decrypt” button to start the decryption procedure. The main screen may switch to a status view that shows the active process and the decryption statistics for your data.
  7. The decryptor will notify you as soon as the decryption procedure is completed. If you need the report for your records, you can save it with the “Save log” button. It is also possible to copy it directly to your clipboard and paste it into emails or forum messages if you need to do so.

DJVU Decryptor options

The decryptor currently offers the following options:

  • Keep encrypted files
    Because the ransomware does not store any data about the unencrypted documents, the decryptor cannot guarantee that a decrypted file will be identical to the one that was originally encrypted. For safety reasons, the decryptor therefore does not delete any encrypted documents after they have been decrypted when the default settings are used. If you would like the decryptor to delete encrypted documents once they have been decrypted, you can deactivate this option. This may be necessary if the space on your hard drive is limited.

Frequently Asked Questions

Why won’t the decryptor run?


The decryptor requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this) and then trying the decryptor again.

Why is the decryptor stuck on “Starting”?


When you run the decryptor, it looks for encrypted files. It will say “Starting” until it is able to find some. If the decryptor remains stuck on “Starting” for a long period of time, then this means it is unable to find any encrypted files.

The decryptor can’t decrypt all of my pictures even though I submitted file pairs for them?


JPEG/JPG images have a format oddity that causes file pairs to be specific to each source of pictures, rather than the file format in general. As an example, if you have pictures from two different cameras, and submit a file pair from the group of pictures from one of the cameras, then the decryptor will only be able to decrypt files from the camera that the file pair came from. In order to decrypt all JPEG/JPG images, you will need to submit file pairs from every source you’ve obtained those pictures from.

What does “Remote name could not be resolved” mean?


It’s an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this:

https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

I have an online key. What can I do?


The STOP DJVU ransomware encrypts only the first 150KB of files. Because MP3 files are rather large, some media players (Winamp, for example) may be able to play the files, but the first 3-5 seconds (the encrypted portion) will be missing.

You can try to find a copy of an original file that was encrypted:

  • Files you downloaded from the Internet that were encrypted and you can download again to get the original.
  • Pictures that you shared with family and friends that they can just send back to you.
  • Photos that you uploaded to social media or cloud services (Carbonite, OneDrive, iDrive, Google Drive, etc.).
  • Attachments in emails you sent or received and saved.
  • Files on an older computer, flash drive, external drive, camera memory card, or iPhone where you transferred data to the infected computer.

If not, you can try to restore files through the system function – Restore Point.

Also, try removing the ransomware extension from a few BIG files and opening them. Either the DJVU ransomware read the file and did not encrypt it, or it bugged and did not add the file marker. If your files are very large (2GB+), the latter is most likely.
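The following Python sketch is an added example, not part of the original guide or of the Emsisoft tool. It checks whether an original file and its encrypted copy look like a usable file pair, using the 150KB figure stated above, and reports how much of the file lies outside the encrypted portion. Tolerating extra bytes at the end of the encrypted copy is an assumption, and the sample data is constructed, with a random XOR as a stand-in for the cipher.

```python
import random

ENCRYPTED_PREFIX = 150 * 1024  # "first 150KB" figure from the FAQ above


def compare_pair(original: bytes, encrypted: bytes) -> dict:
    """Compare an original file's bytes with those of its encrypted copy."""
    common = min(len(original), len(encrypted))
    # First and last offsets at which the two copies differ (None if they never do).
    first = next((i for i in range(common) if original[i] != encrypted[i]), None)
    last = next((i for i in range(common - 1, -1, -1)
                 if original[i] != encrypted[i]), None)
    if len(encrypted) < len(original):
        verdict = "not a pair"      # assumption: encryption never shortens a file
    elif first is None:
        verdict = "identical"       # nothing was encrypted in the shared region
    elif last >= ENCRYPTED_PREFIX:
        verdict = "not a pair"      # changes outside the region the page describes
    else:
        verdict = "plausible pair"
    return {
        "verdict": verdict,
        "first_diff": first,
        "last_diff": last,
        # Assumption: bytes appended after the original content are tolerated.
        "appended_bytes": len(encrypted) - len(original),
        # Part of the original that lies beyond the first 150KB.
        "intact_bytes": max(0, len(original) - ENCRYPTED_PREFIX),
    }


def compare_pair_files(original_path: str, encrypted_path: str) -> dict:
    """Same check for two files on disk (hypothetical helper for real use)."""
    with open(original_path, "rb") as a, open(encrypted_path, "rb") as b:
        return compare_pair(a.read(), b.read())


def make_constructed_pair(size: int, seed: int = 1):
    """Build constructed sample data: random 'original' plus a scrambled copy."""
    rng = random.Random(seed)
    original = bytes(rng.randrange(256) for _ in range(size))
    n = min(size, ENCRYPTED_PREFIX)
    # Stand-in for encryption (NOT Salsa20): XOR each byte with a non-zero value.
    scrambled = bytes(b ^ rng.randrange(1, 256) for b in original[:n])
    return original, scrambled + original[n:] + b"CONSTRUCTED-TRAILER"


if __name__ == "__main__":
    orig, enc = make_constructed_pair(200 * 1024)
    print(compare_pair(orig, enc))
    # A copy that also differs beyond 150KB is a different file, not a pair.
    tampered = bytearray(enc)
    tampered[180 * 1024] ^= 0xFF
    print(compare_pair(orig, bytes(tampered))["verdict"])
```

A verdict of "identical" corresponds to the case mentioned above in which the file carries the ransomware extension but was not actually encrypted.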


Name: Emsisoft Decryptor

Description: The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames. For all versions of STOP Djvu, files can be successfully decrypted if they were encrypted by an offline key. Unfortunately, this tool will not work for every victim as it can only recover files encrypted by 148 of the 160 variants. This will enable approximately 70% of victims to recover their data. For people affected by the remaining 12 variants, no solution currently exists and we are unable to offer further assistance at this point in time. We recommend that those who find themselves in this position archive the encrypted data in case a solution becomes available in the future.

Offer price: 0.0

Operating System: Windows

Application Category: System Tools


References

  1. DJVU Decryption Tool: https://www.emsisoft.com/ransomware-decryption-tools/download/stop-djvu

About the author

Brendan Smith

Journalist, researcher, web content developer, grant proposal editor. Efficient and proficient on multiple platforms and in diverse media. Computer technology and security are my specialties.
