Updated 06 Feb 2020
Updated 20 Jan 2020
Updated 06 Jan 2020
List of the New Stop/Djvu variants for 148 variants that Emsisoft can decrypt.
.shadow, .djvu, .djvur, .djvuu, .udjvu, .uudjvu, .djvuq, .djvus, .djvur, .djvut, .pdff, .tro, .tfude, .tfudet, .tfudeq, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promorad, .promock, .promok, .promorad2, .kroput, .kroput1, .pulsar1, .kropun1, .charck, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .vorasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .berost, .forasom, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidom, .pidon, .heroset, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .truke, .dalle, .lotep, .nusar, .litar, .besub, .cezor, .lokas, .godes, .budak, .vusad, .herad, .berosuce, .gehad, .gusau, .madek, .darus, .tocue, .lapoi, .todar, .dodoc, .bopador, .novasof, .ntuseg, .ndarod, .access, .format, .nelasod, .mogranos, .cosakos, .nvetud, .lotej, .kovasoh, .prandel, .zatrov, .masok, .brusaf, .londec, .krusop, .mtogas, .nasoh, .nacro, .pedro, .nuksus, .vesrato, .masodas, .cetori, .stare, .carote
Updated 02 Dec 2019
List of the New Stop/Djvu variants that Emsisoft can decrypt. FOR OFFLINE KEY ONLY!
Updated 25 Nov 2019
Emsisoft Decryptor has obtained and uploaded to server OFFLINE KEYS for the following new STOP (Djvu) variant:
Updated 9 Nov 2019
Decryptor v.22.214.171.124 by Emsisoft currently can decrypt NEW Stop/Djvu variant with file extension:
Terms: Files encrypted with OFFLINE KEY.
There are certain limitations regarding what files can be restored. Speaking of all versions of STOP Djvu, the information can be properly decrypted if they were ciphered by means of an offline key that is available with the developers of the Emsisoft Decryptor. As for Old Djvu, the files can be also decrypted by means of encrypted/original file pairs provided to the STOP Djvu Submission portal. Keep in mind that this is not applicable to New Djvu that was elaborated after August 2019.
What is a “file pair”?
This is pair of files that are identical (as in they are the precise same data), except one duplicate is encrypted and the other is not. STOP Djvu Submission portal can analyze the differences between an encrypted file and an original copy of the same file, allowing it to determine how to decrypt that file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back.
How to restore your files?
- Start downloading the decryption tool through the same website that developed this “How To” guide.
- Make sure to launch the decryption utility as an administrator. You need to agree with the license terms that will come up. For this purpose, click on the “Yes” button:
- As soon as you accept the license terms, the main decryptor user interface comes up:
- Based on the default settings, the decryptor will automatically populate the available locations in order to decrypt the currently available drives (the connected ones), including the network drives. Extra (optional) locations can be selected with the help of the “Add” button.
- Decryptors normally suggest several options considering the specific malware family. The currently possible options are presented in the Options tab and can be activated or deactivated there. You may locate a detailed list of the currently active Options below.
- As soon as yo add all the desired locations for decryption into the list, click on the “Decrypt” button in order to initiate the decryption procedure. Note that the main screen may turn you to a status view, letting you know of the active process and the decryption statistics of your data:
- The decryptor will notify you as soon as the decryption procedure is completed. If you need the report for your personal papers, you can save it by choosing the “Save log” button. Note that it is also possible to copy it directly to your clipboard and to paste it into emails or forum messages if you need to do so.
DJVU Decryptor options
The decryptor at this moment performs the following options:
- Keep encrypted files
Considering the fact that the ransomware does not store any data regarding the unencrypted documents, the decryptor does not guarantee that the decrypted file will be identical to the one that was initially encrypted. Hence, the decryptor, based on the default settings, will for safety reasons not delete any encrypted documents after they have been decrypted. In case you would like the decryptor to delete any ciphered documents once they have been decrypted, it is possible to deactivate this feature. Note that this may be applicable if the space on your hard drive is limited.
Frequently Asked Questions
Why won’t the decrypter run?
Why is the decrypter stuck on “Starting”?
The decrypter can’t decrypt all of my pictures even though I submitted file pairs for them?
What does “Remote name could not be resolved” mean?
Is there anything I can do to help catch these criminals?
- In the United States: On Guard Online;
- In Canada: Canadian Anti-Fraud Centre;
- In the United Kingdom: Action Fraud;
- In Australia: SCAMwatch;
- In New Zealand: Consumer Affairs Scams;
- In France: Agence nationale de la sécurité des systèmes d’information;
- In Germany: Bundesamt für Sicherheit in der Informationstechnik;
- In Ireland: An Garda Síochána;
User Review( votes)