STOPDecrypter.exe – a decryption tool created by security researchers to recover files locked by STOP ransomware
STOPDecrypter.exe is a legitimate executable presented by Michael Gillespie – a renowned security expert and ransomware hunter. Being actively involved in STOP ransomware analysis, the researcher designed a tool helping the victims of crypto-malware to retrieve encrypted files. Beware: it does not work for all variants! Recently, hackers have started using different encryption methods making the decrypter completely useless.
STOP Decrypter was introduced because of STOP ransomware which is one of the most prolific ransomware families around. Its sub-family DJVU has also been active recently. Since its release in December 2018, the hackers behind these two viruses have released dozens of versions, each of which appends different file extensions.
STOPDecrypter.exe can be used to negate the harmful effects of ransomware and retrieve all pictures, music, video, documents, and other files for free. Nevertheless, while some older variants can be deciphered with the tool, it is not that simple when it comes to the newest versions as the encryption process can be performed only with offline malware versions.
At the moment of writing, the latest version of STOPDecrypter.exe is STOPDecrypter v188.8.131.52. You can download it from here.
|Belongs to||STOPDecrypter free decryption tool|
|Purpose||To help the victims of STOP ransomware to retrieve locked files for free|
|Download link||Direct link|
|Virus Total detection||13/70 – while the detection is most likely a false positive, use the tool at your own risk|
STOPDecrypter.exe had been updated constantly till hackers changed the way they encrypt victim's data. Starting with starting with Coharos ransomware, Gero ransomware and Hese ransomware, the tool won't work. However, infections such as Heroset, Stone, Lanset and others (OFFLINE) will be decrypted.
Ransomware is possibly one of the worst and most destructive malware families in existence, as the locked data does not get restored, even after infection removal. That is when victims realize that they must pay cybercriminals a hefty sum (STOP ransomware usually demands $980 or $490 ransom payment in Bitcoins) or lose their files forever.
While it might be hard to choose what to do, paying hackers is not recommended as they might misuse your trust and never send the decryption key back after receiving the payment. In such a case, users are risking losing not only personal files but also the money.
Fortunately, security experts are constantly working on ways how to crack the code of ransomware. STOPDecrypter.exe is one of them. On the other hand, some ransomware victims might never be able to retrieve their data, as decryption tools are not available for all cryptoviruses. Most of the existing tools can be found on No more Ransom project page online.
STOPDecrypter.exe usage instructions
Before you do anything, you need to ensure that you remove the ransomware virus from your computer, as the infection of the malicious software and encryption of files are two separate things. To do that, you should employ reputable security software, such as Reimage or SpyHunter 5Combo Cleaner, although be aware that not all variants of STOP ransomware are recognized by various AV vendors, so a scan with multiple different tools might be needed.
STOPDecrypter.exe is a relatively simple tool to use. However, before putting it to work, it is highly recommended to read a README.txt document, where many questions are answered, and the instructions are given. Once done, you can click on the STOPDecrypter shortcut, click “Yes” and then open the application to view a simple UI.
The next steps highly depend on which STOP ransomware version you are infected with. For some versions, you will simply need to upload ransom note, personal ID and MAC address and proceed with the decryption process, which other cases requires a direct contact security experts that created STOPDecrypter.exe – you can reach out Michael Gillespie on Twitter.
Steps to take if STOPDecrypter.exe does not work
STOPDecrypter.exe should work perfectly fine with versions that use uppercase file extensions, such as .KEYPASS, .PAUSA, .DATASTOP, .INFOWAIT, and others. Additionally, the Puma family of the virus uses XOR encryption, which is quite easy to decode, so all variants of this branch should be decryptable without problems.
Nevertheless, STOPDecrypter.exe might not work for victims if the encryption process was performed when the infected machine contacted the remote server. Fortunately, for other victims, the outcome can be positive as long as the virus did not reach the remote server and performed the encryption offline.
If you belong to the former group of people, and STOPDecrypter.exe did not work for you, you should try data recovery software. You can find all the alternative solutions in articles such as Meds ransomware removal instructions.