STOP ransomware

September 10, 2018

What is STOP

STOP ransomware asks for a $600 ransom to recover encrypted files.

How does STOP work

Should I pay the money to decrypt STOP ransomware files?  04/06/18 1

STOP ransomware is a file-locking virus that first showed up in February 2018. The malware uses a combination of AES and RSA encryption algorithms to encrypt files and appends the .STOP extension. The malicious software has been updated several times since its release, and new variants added the .SUSPENDED, .CONTACTUS and .DATASTOP file extensions. The latest version, Keypass ransomware, infected users in more than 20 countries in just a few weeks. The STOP virus authors ask for $300-$600 in Bitcoin for a file decryptor and claim that the only way to recover data is to pay the criminals within 72 hours of the infection.

STOP ransomware was discovered in December 2017. However, new variants appeared in July 2018 and some previous months. All of them behave similarly but append new file extensions to the targeted data, provide slightly different ransom notes and use new contact email addresses.

The original version of the malware adds the .STOP file extension to make files inaccessible on the affected Windows computer. As soon as STOP ransomware finishes the encryption procedure, the virus delivers a ransom note in the “!!! YourDataRestore !!! txt” file. The crooks' message says that victims have to pay the ransom within 72 hours.

The authors of the STOP virus demand a payment of $600 within three days. As proof, the hackers allow victims to send 1-3 “not very big” files for free test decryption to stopfilesrestore@bitmessage.ch or stopfilesrestore@india.com. However, these might be the only files you manage to get back after the ransomware attack. Once you pay the ransom, the crooks might disappear because they got what they wanted from you.

STOP ransomware is spreading around with four different extensions: .STOP, .SUSPENDED, .CONTACTUS, .DATASTOP.

Therefore, we highly recommend forgetting about data recovery at the moment. The most important task is to remove STOP ransomware from the computer in order to make the system safe. For this reason, we suggest scanning the affected machine with anti-malware software to clean all malicious components.

It’s crucial to use professional security tools because this cyber threat might alter the Windows Registry, create new keys, install malicious files or affect legitimate system processes. It means that manual termination is nearly impossible. If you try to locate and delete these entries yourself, you might cause damage to your machine. Hence, do not risk it!

Once you take care of STOP ransomware removal, you can safely plug in an external storage drive with backups or export the needed files from cloud storage. If you haven’t backed up your files yet and cannot perform a full data recovery, you should try the third-party tools that we mention at the end of the article. Hopefully, some of the files will be rescued.

How to delete STOP

At the beginning of the year, in February, malware researchers reported a STOP malware variant that uses the .SUSPENDED file extension to lock documents, multimedia, databases, archives, and many other files. The behavior of the ransomware is similar to the previous version, but it drops a different ransom note after file encryption.

Suspended ransomware provides recovery instructions in the “!!RestoreProcess!!!.txt” file and asks victims to send their unique ID and preferred sample files for decryption to the suspendedfiles@bitmessage.ch or suspendedfiles@india.com email addresses. The size of the ransom and the deadline remain the same.

STOP ransomware came back with another version – Suspended ransomware.

At the end of May, another variant of the STOP ransomware virus surfaced. The latest version uses the .CONTACTUS file extension to lock targeted files. Not only was the appended suffix changed. The crooks also renamed the data recovery instructions, and now inform victims about the cyber attack and recovery options in !!!RESTORE_FILES!!!.txt. The contact email addresses were changed too: decryption@bitmessage.ch and decryption@india.com.
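The extensions and ransom-note names listed above are enough to scope which folders were hit before restoring from backup. The following Python sketch is an added example, not part of the original article: the function names are hypothetical, and note names are compared after stripping spaces and punctuation because the article's spelling of the first note name is irregular.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Extensions and ransom-note names exactly as the article lists them.
ENCRYPTED_EXTS = {".stop", ".suspended", ".contactus", ".datastop"}
NOTE_NAMES = ["!!! YourDataRestore !!! txt", "!!RestoreProcess!!!.txt",
              "!!!RESTORE_FILES!!!.txt"]

def _norm(name):
    # Keep letters and digits only, so spacing/punctuation variants of a note name match.
    return re.sub(r"[^a-z0-9]", "", name.lower())

NOTE_KEYS = {_norm(n) for n in NOTE_NAMES}

def is_ransom_note(filename):
    # All three note names start with "!!"; requiring it avoids matching "Restore files.txt".
    return filename.startswith("!!") and _norm(filename) in NOTE_KEYS

def original_name(filename):
    # "report.docx.STOP" -> "report.docx"; None if no listed extension is appended.
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in ENCRYPTED_EXTS and stem else None

def triage(root):
    """Read-only walk of root. Returns (encrypted paths, note paths, count per directory)."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if is_ransom_note(fn):
                notes.append(Path(dirpath) / fn)
            elif original_name(fn) is not None:
                encrypted.append(Path(dirpath) / fn)
                per_dir[dirpath] += 1
    return encrypted, notes, per_dir

if __name__ == "__main__":
    # Constructed sample tree (empty placeholder files), not data from a real incident.
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root, "Documents")
        docs.mkdir()
        for fn in ["report.docx.STOP", "photo.jpg.CONTACTUS", "notes.txt",
                   "!!!RESTORE_FILES!!!.txt"]:
            (docs / fn).touch()
        enc, notes, per_dir = triage(root)
        for p in enc:
            print("encrypted:", p.name, "-> original:", original_name(p.name))
        print("ransom notes:", [p.name for p in notes])
        print("per directory:", dict(per_dir))
```

The per-directory counts and recovered original names can be compared against a backup listing to decide what needs restoring.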

Unfortunately, malware researchers haven’t created a free decryptor yet. Hence, following the hackers’ instructions might seem like the only option right now. However, we want to stress that this is a very risky step which may lead to a huge loss of money. Once you pay those $600, you might be asked to pay more. If you refuse, or are left without the promised decryption option, no one will help you to trace the criminals and get your money back.

We understand that you value your files a lot, but we want to discourage you from taking this action. You should get rid of the STOP virus and try to restore data by alternative means. In the end, the cyber attack might become a hard lesson in why cyber security and backing up are very important topics.

The executable of a file-encrypting virus typically spreads via malicious spam emails that include attachments. With the help of social engineering, criminals trick victims into opening an obfuscated attachment and letting malware into the system. You can spot a dangerous email from these signs:

  - You did not expect to get this email (e.g., you haven’t ordered anything from Amazon, and you do not expect a FedEx courier to bring any parcel).
  - The letter lacks credentials, such as a company logo or signature.
  - The email is full of mistakes or weirdly structured sentences.
  - The letter does not have a subject line, the body is empty and it includes only an attachment.
  - The content of the email urges you to check the information in the attachment.
  - The sender’s email address seems suspicious.

STOP malware has been actively spreading around with the help of spam.

However, specialists say that malware can also sneak into the system when a user clicks on a malicious ad, downloads a corrupted program or its update, or through other techniques.

For this reason, internet users should learn to identify potential risks that might be lurking on the web. We want to remind you that no security software can fully protect you from a ransomware attack. For this reason, watching your clicks and downloads, as well as creating and regularly updating backups, are a must!

First of all, we want to discourage you from removing ransomware manually. This cyber threat includes numerous files and components that might look like legitimate system processes. Therefore, you can easily delete the wrong entries and cause more damage. For this reason, you have to opt for automatic STOP ransomware removal.

The virus might block access to security software which is needed for the removal, so you should disable the virus first by booting to Safe Mode with Networking. The instructions below will explain to you how it’s done. It doesn’t matter which version of malware affected your PC, the removal guide remains the same.

When in Safe Mode, download, install and update anti-malware software such as Norton Internet Security. Then, run a full system scan and wait until the program finishes cleaning the system and removes STOP ransomware. Later, you can plug in backups to recover your files or try the alternative methods presented below.

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to STOP. A lot of adware and other unwanted programs use browser extensions in order to hijack internet applications.

Remove STOP Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for STOP or anything related to it, and once you find it, press ‘Remove’.

Uninstall STOP Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for STOP or anything related to it, and once you find it, press ‘Remove’.

Delete STOP Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for STOP or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If STOP.safariextz appears on the list, select it and press ‘Clear’.

Remove STOP Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for STOP or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer. In the unlikely scenario that STOP is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter.
  6. The Programs and Features window will open, where you should be able to find the STOP program.
  7. Select STOP or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from STOP

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to its default configuration. If you notice that the infection is still present even after getting rid of weird extensions, follow the instructions below.

Use Chrome Clean Up Tool to Delete STOP

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect STOP, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find STOP in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox.
  2. In the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.
