Geek's Advice

IT News, Software Reviews, How To's & Computer Help

STOP/DJVU Decryption Tool Released: Recover Files For Free

October 18, 2019 By Norbert Webb 20 Comments

Lucky day for all DJVU ransomware victims – free decryption is available

STOP (DJVU) ransomware is finally defeated: malware analyst Michael Gillespie, together with Emsisoft, has released the STOP DJVU Decrypter, the most sought-after ransomware decryptor to date. The tool can decrypt files locked by 148 of the 160 variants.

According to Emsisoft, the ransomware's encryption was broken with a side-channel attack on the keystream. It is the first time this method has been used to break ransomware encryption and help victims recover their files on a global scale.

Victims of 148 DJVU ransomware versions can recover all or part of their data thanks to Emsisoft and Michael Gillespie.

The security firm forecasts that the STOP Decryption tool will help approximately 70% of ransomware victims restore their files for free. Unfortunately, for the remaining 12 variants of the ransomware (which mostly emerged at the end of August 2019), no decryption solution has been found. Victims of these versions are advised to back up their files and wait.

Emsisoft reports that there are 116,000 confirmed DJVU ransomware victims and it is believed that the real number of victims is nearly half a million.

Decryption rules

STOP/DJVU Decryptor can recover files using OFFLINE keys obtained by the malware researchers, or using encrypted+original file pairs submitted to Emsisoft’s server. In addition, these files must be over 150 KB.
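An added illustration (not Emsisoft's code and not part of the original article) of why one encrypted+original pair can unlock other files when a keystream is reused, and why the pair has to be large enough. It assumes a toy XOR stream cipher and that only the first 150 KB of each file is encrypted; `toy_keystream`, `PREFIX` and the sample files are constructed for the example.

```python
import hashlib

PREFIX = 150 * 1024  # assumption: only the first 150 KB of each file is encrypted

def toy_keystream(key: bytes, n: int) -> bytes:
    # Stand-in generator (SHA-256 in counter mode); not the ransomware's real cipher.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(plain: bytes, key: bytes) -> bytes:
    # The modelled flaw: every file is XORed with the same keystream.
    head = plain[:PREFIX]
    return xor(head, toy_keystream(key, len(head))) + plain[PREFIX:]

def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    # Known plaintext: original XOR encrypted yields the keystream itself.
    n = min(len(original), len(encrypted), PREFIX)
    return xor(original[:n], encrypted[:n])

def decrypt(encrypted: bytes, keystream: bytes):
    # Returns (data, bytes_still_locked); a short keystream leaves a locked gap.
    locked = min(len(encrypted), PREFIX)
    n = min(locked, len(keystream))
    return xor(encrypted[:n], keystream[:n]) + encrypted[n:], locked - n

def demo():
    key = b"constructed-demo-key"               # never seen by the recovery side
    victim = b"thesis chapter " * 20000         # constructed 300,000-byte file
    victim_enc = toy_encrypt(victim, key)
    results = {}
    for label, size in (("200KB pair", 200 * 1024), ("64KB pair", 64 * 1024)):
        original = bytes(i % 251 for i in range(size))   # constructed reference file
        ks = recover_keystream(original, toy_encrypt(original, key))
        data, still_locked = decrypt(victim_enc, ks)
        results[label] = (data == victim, still_locked)
    return results

if __name__ == "__main__":
    for label, (ok, locked) in demo().items():
        print(f"{label}: fully recovered={ok}, bytes still locked={locked}")
```

The 64 KB pair recovers only part of the keystream, so most of the encrypted region of the larger file stays locked; the 200 KB pair covers the whole region.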

Unfortunately, the ransomware variants that were pushed at the end of August 2019 (the new variants) cannot be decrypted at this time. Victims of these versions should back up the encoded data and hope for the best.

DJVU Decryptor disclaimer states scenarios in which files can be recovered.

Beware of the Azorult Trojan bundled with the ransomware

This ransomware strain is known to bundle the Azorult Trojan, which, once installed on the target system, starts stealing private data from the computer. The stolen data mainly consists of logins, passwords, and other private information. It can later be used to empty victims’ bank accounts or be sold on the dark web.

Victims infected by STOP variants such as Bora, Reco, Noos, Nesa and others should first remove the DJVU ransomware along with the Azorult password-stealing trojan and then focus on data decryption.

Decryptable versions list

STOP/DJVU Decryptor can restore files locked by OFFLINE keys, and, if you’re lucky, ONLINE keys too. Check the extensions list below for all supported ransomware extensions.

.bora, .reco, .kuub, .noos, .nesa, .karl, .kvag, .moka, .shadow, .djvu, .djvur, .djvuu, .udjvu, .uudjvu, .djvuq, .djvus, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .godes, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promorad, .promock, .promok, .promorad2, .kroput, .kroput1, .pulsar1, .kropun1, .charck, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovat, .roland, .refols, .grovas, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .vorasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .berost, .forasom, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .rezuc, .stone, .skymap, .mogera, .redmat, .lanset, .davda, .poret, .pidom, .pidon, .heroset, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .truke, .dalle, .lotep, .nusar, .litar, .besub, .cezor, .herad, .berosuce, .lokas, .budak, .vusad, .gehad, .gusau, .madek, .darus, .tocue, .lapoi, .todar, .dodoc, .bopador, .novasof, .ntuseg, .ndarod, .access, .format, .nelasod, .mogranos, .cosakos, .nvetud, .lotej, .kovasoh, .prandel, .zatrov, .masok, .brusaf, .londec, .krusop, .mtogas, .nasoh, .nacro, .pedro, .nuksus, .vesrato, .masodas, .cetori, .stare, .carote, .gero, .hese, .seto, .peka, .puma, .pumax, .pumas, .DATAWAIT, .INFOWAIT.

If you are one of the people who were hit by this malicious file-encrypting virus, check the guide on how to decrypt STOP/DJVU encrypted files.

Comments

  1. Henry says

    November 12, 2021 at 3:53 am

    My PC has been infected by the .rugj strain. Is there software available to decrypt it?
  2. Raoni da C Leal says

    November 2, 2021 at 4:09 pm

    I was infected with the .rugj ransomware virus and I badly need to recover my files. What do you advise?
  3. Mahesh Lad says

    October 29, 2021 at 4:36 am

    My system was attacked and all files got the extension “.zaps” added. I have now copied all the data to an external drive and formatted my system. I need to recover the data. What could be the possibility?
  4. Renan Neves says

    August 30, 2021 at 11:43 pm

    I was infected on August 8, 2021 by a virus of the STOP DJVU variant with the .NOOA extension.

    All my files were encrypted with an online ID.

    Is there any hope of recovering my data?
  5. Renan Neves says

    August 30, 2021 at 11:41 pm

    I was infected by STOP DJVU with an online ID. Is it possible to recover the data?
  6. Mohamed says

    August 25, 2021 at 9:50 pm

    All files encrypted to ORKF. Can you help me?
  7. Marius says

    June 23, 2021 at 8:21 pm

    Hello. My files are infected now; the extension is .ddsg. Can you help me? Please!
  8. Andrei says

    June 7, 2021 at 5:24 am

    I have been infected with the .pahd ransomware virus and it is vital for me to recover my files. Is there any chance to do that? What's your advice? Thank you
  9. saurab SARKER says

    March 14, 2021 at 2:35 pm

    I got a new ransomware, maybe by Djvu, with the file extension named .ribd. Please help me to recover all my files.
  10. Max says

    November 15, 2020 at 4:08 pm

    My thesis is locked by the .vpsh extension, I can't do anything, I need help.
