A set of new tools can decrypt files locked by Stop, a highly active ransomware
Thousands of ransomware victims may finally get some long-awaited relief.
New Zealand-based security company Emsisofthas built a set of decryption tools for Stop, a family of ransomware that includes Djvu and Puma, which they say could help victims recover some of their files.
Stop is believed to be the most active ransomware in the world, accounting for more than half of all ransomware infections, according to figures from ID-Ransomware, a free site that helps identify infections. But Emsisoft said that figure is likely to be far higher.
If you’ve never had ransomware, you’re one of the lucky ones. Ransomware is one of the more common ways nowadays for some criminals to make money by infecting computers with malware that locks files using encryption. Once the Stop ransomware infects, it renames a user’s files with one of any number of extensions, replacing.jpg
and.png
files with.radman
,.djvu
and.puma
, for example. Victims can unlock their files in exchange for a ransom demand — usually a few hundred dollars in cryptocurrency.
Not all ransomware is created equally. Some security experts have been able to unlock some victims’ files without paying up by finding vulnerabilities in the code that powers the ransomware, allowing them in some cases to reverse the encryption and return a victim’s files back to normal.
Stop is the latest ransomware that researchers at Emsisoft have been able to crack.
“The latest known victim count is about 116,000. It’s estimated that’s about one-quarter of the total number of victims.”
Emsisoft
“It’s more of a complicated decryption tool than you would normally get,” sa
Be the first to write a comment.