STOP Ransomware (.STOP .Djvu, .Puma, .Promo) Support Topic

New variant reported with .wisz (V0853) extension.

New variant reported with .wiaw (V0854) extension.

hello ive got infected by .wiaw  Is there any chance for me to recover it?

hello ive got infected by .wiaw  Is there any chance for me to recover it?

Please read the first page of this topic for a summary of this infection, it's variants, any updates and possible decryption solutions.

- Decryption of new STOP (Djvu) variants is possible IF infected with an OFFLINE KEY using the Emsisoft Decryptor only after obtaining and sharing the corresponding private key from victims who paid the ransom for a specific variant.  OFFLINE KEYS will work for ALL victims who were encrypted by the same key. If there is no OFFLINE KEY available for any specific variant, then your files cannot be decrypted at this time. We have no way of knowing when or if a private key for an OFFLINE ID will ever be recovered and shared with Emsisoft. However, at this point it appears Emsisoft has discontinued development and stopped all support of the decryptor.

Development of the Emsisoft Decryptor has been discontinued.

There has been no support for a long time. 

The process of a reinstall/ refresh/reset Windows, a reformat or factory reset will remove ransomware related malicious files but it also will erase all the data on your computer to include your encrypted files, ransom notes, any programs you installed and any changed settings on your computer so backup your important data first even if it is encrypted.
 
The encrypted files and ransom note text files do not contain malicious code so they are safe. Alternatively, you can remove the hard drive, store it away and replace it with a new hard drive.

You can simply reinstall the system or roll back to factory settings.

You can save the encrypted files (for later decryption) and/or use them as you wish.

Edited by SuddenDeath83, 03 March 2024 - 04:27 PM.

As noted previously....Decryption of new STOP (Djvu) variants is possible IF infected with an OFFLINE KEY using the Emsisoft Decryptor only after obtaining and sharing the corresponding private key from victims who paid the ransom for a specific variant. 
 
However, at this point it appears Emsisoft has discontinued development and stopped all support of the decryptor .
 
in cases where there is no free decryption tool (or a previous tool no longer works for newer variants), restoring from back ups is not a viable option and file recovery software does not work, the only other alternative to paying the ransom (which is not advisable) is to backup/save your encrypted data as is and wait for a possible solution at a later time

I understood.. Thank you for information.

As noted previously....Decryption of new STOP (Djvu) variants is possible IF infected with an OFFLINE KEY using the Emsisoft Decryptor only after obtaining and sharing the corresponding private key from victims who paid the ransom for a specific variant. 
 
However, at this point it appears Emsisoft has discontinued development and stopped all support of the decryptor .
 
in cases where there is no free decryption tool (or a previous tool no longer works for newer variants), restoring from back ups is not a viable option and file recovery software does not work, the only other alternative to paying the ransom (which is not advisable) is to backup/save your encrypted data as is and wait for a possible solution at a later time

I wish we had better news but you're welcome.