Antivirus maker Emsisoft has published today a free decryption utility for the STOP ransomware strain, today’s most active and widespread ransomware family.
The decrypter can unlock 148 of the 160 variants of the STOP ransomware. Emsisoft recently ranked STOP as the top ransomware threat during the last six months (2019 Q2 and Q3).
Image: Emsisoft
According to Emsisoft, there are “more than 116,000 confirmed victims and an estimated total of 460,000 victims” who now stand to benefit from the STOP decryption utility the company released today.
The New Zealand-based company said the STOP ransomware has been distributed exclusively over the past year via key generators and cracks uploaded on warez sites or torrent portals.
Users looking to unlock pirated software would often download these key generators or cracks, and get a nasty surprise in the form of a ransomware strain that encrypted their files and demanded a ransom payment.
Over the past year, STOP has made victims all over the world, dwarfing any other ransomware operation on the market, in terms of reach.
Image: Emsisoft
“Unfortunately, this tool will not work for every victim as it can only recover files encrypted by 148 of the 160 variants,” Emsisoft said. “We estimate that this will enable approximately 70% of victims to recover their data.
“For people affected by the remaining 12 variants, no solution currently exists and we are unable to offer further assistance at this point in time. We recommend that those who find themselves in this position archive the encrypted data in case a solution becomes available in the future,” the company said.
The STOP ransomware decrypter is available for download from the Emsisoft website. A usage guide is also available on the same page to guide users through the decryption process.
A separate decrypter was also released for the STOP ransomware PUMA variant, available as a separate download from here.
Both decrypters should be able to help STOP victims who had their files encrypted up to August 2019, Emsisoft said.
Credit: Zdnet
