How to decrypt DJVU Ransomware files? Emsisoft Decryptor

Ransomware STOP/DJVU decryptor
Written by Brendan Smith

You need to delete the malware from your PC first of all, otherwise, it will lock your device or cipher your data several times. In case your current anti-virus tool does not delete this malware, it can be deleted with the help of GridinSoft Anti-Malware.

In case your system was infected by means of the Windows Remote Desktop function, we also strongly advise that you change all the passwords of all available users that are permitted to log in on a remote basis and inspect the local user accounts for the availability of other extra accounts that the online frauds could possibly generate.

Warning: This application needs to be connected to the web while it is active in order to get the decryption guidelines from the server.

Updated 20 Jan 2020

Emsisoft Decryptor has obtained and uploaded to server new OFFLINE KEYS for the .nbes, .mkos STOP (Djvu) variant ransomware.

Updated 06 Jan 2020

List of the New Stop/Djvu variants for 148 variants that Emsisoft can decrypt.

.shadow, .djvu, .djvur, .djvuu, .udjvu, .uudjvu, .djvuq, .djvus, .djvur, .djvut, .pdff, .tro, .tfude, .tfudet, .tfudeq, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promorad, .promock, .promok, .promorad2, .kroput, .kroput1, .pulsar1, .kropun1, .charck, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .vorasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .berost, .forasom, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidom, .pidon, .heroset, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .truke, .dalle, .lotep, .nusar, .litar, .besub, .cezor, .lokas, .godes, .budak, .vusad, .herad, .berosuce, .gehad, .gusau, .madek, .darus, .tocue, .lapoi, .todar, .dodoc, .bopador, .novasof, .ntuseg, .ndarod, .access, .format, .nelasod, .mogranos, .cosakos, .nvetud, .lotej, .kovasoh, .prandel, .zatrov, .masok, .brusaf, .londec, .krusop, .mtogas, .nasoh, .nacro, .pedro, .nuksus, .vesrato, .masodas, .cetori, .stare, .carote

Updated 02 Dec 2019

List of the New Stop/Djvu variants that Emsisoft can decrypt. FOR OFFLINE KEY ONLY!

.gero, .hese, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .noos, .kuub, .reco, .bora, .nols, .werd, .coot, .derp, .meka, .mosk

Updated 25 Nov 2019

Emsisoft Decryptor has obtained and uploaded to server OFFLINE KEYS for the following new STOP (Djvu) variant:

.gero, .hese, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .noos, .kuub, .reco, .bora, .nols, .werd, .coot, .derp, .meka, .mosk, .lokf, .peet, .mbed, .kodg

Updated 9 Nov 2019

Decryptor v. by Emsisoft currently can decrypt NEW Stop/Djvu variant with file extension:

.gero, .hese, .seto, .peta, .moka, .meds, .kvag, .karl, .nesa, .noos, .kuub, .reco, .bora, .coot, .derp

Terms: Files encrypted with OFFLINE KEY.

There are certain limitations regarding what files can be restored. Speaking of all versions of STOP Djvu, the information can be properly decrypted if they were ciphered by means of an offline key that is available with the developers of the Emsisoft Decryptor. As for Old Djvu, the files can be also decrypted by means of encrypted/original file pairs provided to the STOP Djvu Submission portal. Keep in mind that this is not applicable to New Djvu that was elaborated after August 2019.

What is a “file pair”?

This is pair of files that are identical (as in they are the precise same data), except one duplicate is encrypted and the other is not. STOP Djvu Submission portal can analyze the differences between an encrypted file and an original copy of the same file, allowing it to determine how to decrypt that file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back.

How to restore your files?

  1. Start downloading the decryption tool through the same website that developed this “How To” guide.
  2. Make sure to launch the decryption utility as an administrator. You need to agree with the license terms that will come up. For this purpose, click on the “Yes” button:Emsisoft Decryptor - license terms
  3. As soon as you accept the license terms, the main decryptor user interface comes up:Emsisoft Decryptor - user interface
  4. Based on the default settings, the decryptor will automatically populate the available locations in order to decrypt the currently available drives (the connected ones), including the network drives. Extra (optional) locations can be selected with the help of the “Add” button.
  5. Decryptors normally suggest several options considering the specific malware family. The currently possible options are presented in the Options tab and can be activated or deactivated there. You may locate a detailed list of the currently active Options below.
  6. As soon as yo add all the desired locations for decryption into the list, click on the “Decrypt” button in order to initiate the decryption procedure. Note that the main screen may turn you to a status view, letting you know of the active process and the decryption statistics of your data:Emsisoft Decryptor - the decryption statistics
  7. The decryptor will notify you as soon as the decryption procedure is completed. If you need the report for your personal papers, you can save it by choosing the “Save log” button. Note that it is also possible to copy it directly to your clipboard and to paste it into emails or forum messages if you need to do so.

DJVU Decryptor options

The decryptor at this moment performs the following options:

  • Keep encrypted files
    Considering the fact that the ransomware does not store any data regarding the unencrypted documents, the decryptor does not guarantee that the decrypted file will be identical to the one that was initially encrypted. Hence, the decryptor, based on the default settings, will for safety reasons not delete any encrypted documents after they have been decrypted. In case you would like the decryptor to delete any ciphered documents once they have been decrypted, it is possible to deactivate this feature. Note that this may be applicable if the space on your hard drive is limited.
User Review
4.31 (26 votes)
Comments Rating 4.75 (8 reviews)

About the author

Brendan Smith

Journalist, researcher, web content developer, grant proposal editor. Efficient and proficient on multiple platforms and in diverse media. Computer technology and security are my specialties.


  1. toshi November 10, 2019
    • Khairul Rizan Razduan December 11, 2019
    • hariblaze December 16, 2019
    • Ayaz December 20, 2019
  2. pradeep bebarta November 11, 2019
  3. Morezz November 12, 2019
    • Vincci November 12, 2019
    • Bm.Nike November 25, 2019
  4. RIFQI November 13, 2019
  5. Ilman November 13, 2019
  6. Isabella November 15, 2019
    • Nitesh M January 21, 2020
  7. hedi November 15, 2019
  8. Efrain November 15, 2019
  9. key November 16, 2019
  10. ilterish yasin November 16, 2019
  11. Ashutosh Buyre November 17, 2019
    • Rano November 19, 2019
      • ayu November 20, 2019
  12. Steven November 22, 2019
    • Faisal November 23, 2019
      • ehsan November 28, 2019
  13. Wan Yin November 24, 2019
  14. Riaz November 24, 2019
    • Brendan Smith November 24, 2019
      • Sanjeev November 24, 2019
      • Marlus Azevedo November 25, 2019
      • Mary Grace Chavez November 27, 2019
        • Abdus sattar November 29, 2019
        • Albert December 5, 2019
          • Willy January 22, 2020
      • hailuong2712 December 1, 2019
  15. alx November 24, 2019
  16. mihai November 25, 2019
  17. marwan November 26, 2019
  18. imarfarooq November 26, 2019
  19. Tamil November 26, 2019
  20. Rene November 26, 2019
  21. Jailson November 26, 2019
  22. Dharun November 26, 2019
  23. matias November 27, 2019
  24. Mark November 30, 2019
  25. PhamNhut November 30, 2019
  26. Mário Nunes November 30, 2019
    • Yang Kalanishov December 2, 2019
  27. santiago November 30, 2019
  28. someone November 30, 2019
    • Brendan Smith November 30, 2019
      • Cristian December 1, 2019
      • someone December 1, 2019
  29. Sajid Mehdi December 1, 2019
  30. Sajid Mehdi December 1, 2019
  31. Khale Mabelin December 1, 2019
  32. Alamin December 1, 2019
  33. Ariembe December 1, 2019
  34. Zoran December 2, 2019
    • KO_ December 2, 2019
  35. m December 2, 2019
  36. Gérard tougnon December 4, 2019
  37. Wisnu December 5, 2019
  38. Popaj December 6, 2019
  39. sabbhi December 7, 2019
  40. alex December 10, 2019
  41. MUSTAFA ZIYAI December 13, 2019
  42. Eves_23 December 17, 2019
  43. Paulo Moutinho December 17, 2019
    • imran December 18, 2019
  44. ric December 18, 2019
    • Mangy January 6, 2020
  45. fivos December 19, 2019
  46. Ayaz December 20, 2019
  47. DuyPN December 21, 2019
  48. vishal December 22, 2019
  49. Ahmad December 25, 2019
  50. Jayson December 26, 2019
  51. Valentin December 26, 2019
    • Valentin December 26, 2019
  52. Bequer December 27, 2019
  53. ANDI December 27, 2019
  54. Mohamed Hassan December 29, 2019
  55. Michał December 29, 2019
    • Jim December 30, 2019
  56. salameh December 31, 2019
  57. Eyal January 3, 2020
  58. .derp January 5, 2020
  59. Joselito Vital January 6, 2020
  60. AYUSH CHOUDHARY January 8, 2020
  61. Chakrrov January 9, 2020
  62. Raman January 9, 2020
  63. Elmer January 10, 2020
  64. Ramdoss January 14, 2020
  65. imran javed January 19, 2020
  66. brika Aymen January 22, 2020
  67. brika Aymen January 22, 2020

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.