STOP Djvu Ransomware

STOP Djvu Ransomware Description

The STOP ransomware family, also denominated the STOP Djvu Ransomware family, is a threatening piece of malware. The STOP Djvu is just one of the multiple threats that share common characteristics and originate from the STOP ransomware, even though some of their methods to affect file types and encrypt file extensions differ.

The original STOP Ransomware was spotted by security researchers as early as February 2018. However, since then it has evolved, and its family of clones and offshoots has grown. The primary method of distribution of the STOP ransomware was spam email campaigns using corrupted attachments.

The STOP Djvu ransomware performs in a way similar to other ransomware threats of its kind, encrypting and blocking access to key files users may be utilizing in their system. Personal files, pictures, documents and more can be encrypted and essentially disabled for all users on the machine. STOP Djvu ransomware was first spotted back in December 2018 in what appeared to be a pretty successful campaign of infection online. Researchers were unaware of the way the ransomware spread, but later victims reported they were discovering infections after they were downloading keygens or cracks. Once the infiltration occurs, STOP Djvu ransomware changes the Windows settings, appending files with a range of names, such as .djvu, .djvus, .djvuu, .uudjvu, .udjvu or .djvuq and the recent .promorad and .promock extensions. The newer versions don't have a decryptor yet, but the older ones can be decrypted using the STOPDecrypter. Users are advised to avoid paying any ransom, no matter what.

The method used to block access to the files uses the RSA encryption algorithm. Although the decryption of the files may seem hard for inexperienced users, there is definitely no need to make any effort to pay the people behind the threat. False promises are usually given in such situations, so users may quickly find out they are ignored once payments were made.

Attacks of the STOP Djvu ransomware were first reported in late 2018. The main method of distribution for the STOP Djvu remained spam emails and tweaks to the core of the ransomware were relatively minor. The majority of fake, compromised attachments used in the spam emails were macro-enabled office documents or fake PDF files that would run the ransomware without the victim's knowledge. The behavior of the STOP Djvu has not changed much either - the ransomware still deleting all the Shadow Volume snapshots to get rid of backups, then starts encrypting the victim's files.

There are minor changes to the ransom note, which is saved as '_openme.txt' to the victim's desktop. The text of the ransom note can be found here:

’[ransom note start]
———————— ALL YOUR FILES ARE ENCRYPTED ————————

Don't worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Don't try to use third-party decrypt tools because it will destroy your files.
Discount 50% available if you contact us first 72 hours.

——————————————————————————————————-

To get this software you need write on our e-mail:
helpshadow@india.com

Reserve e-mail address to contact us:
helpshadow@firemail.cc

Your personal ID: [string]
[ransom note end]’

The ransomware limited itself to renaming the encrypted files with the .djvu extension originally, which was a curious choice because .djvu is actually a legitimate file format developed by the AT&T Labs and used for storing scanned documents, somewhat similar to the Adobe's .pdf. Later versions of the ransomware adopted a series of other extensions for encrypted files, including '.chech,' '.luceq,' '.kroput1,' '.charck,' '.kropun,,' .luces,' '.pulsar1,' '.uudjvu,' '.djvur,’ '.tfude,' '.tfudeq' and '.tfudet'.

Certain strains of the STOP Djvu ransomware can be decrypted for free, using the so-called 'STOPDecrypter' that was developed by the security researcher Michael Gillespie and is available online as a free download.

Do You Suspect Your PC May Be Infected with STOP Djvu Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like STOP Djvu Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.