STOPDecrypter.exe – a decryption tool created by security researchers to recover personal files locked by STOP ransomware
STOPDecrypter.exe is an executable created by Michael Gillespie – a renowned security expert and ransomware hunter. He was actively involved in STOP ransomware analysis and creation of the decryption tool. It is designed to help the crypto malware victims to retrieve encrypted files, although it does not work for all variants.
STOP ransomware is one of the most prolific ransomware families around, and many users worldwide get infected each day. Since its release in December 2017, the hackers behind it released dozens of versions, each of which appends different file extensions.
STOPDecrypter.exe can be used to negate the harmful effects of ransomware and retrieve all pictures, music, video, documents, and other files for free. Nevertheless, while some older variants can be deciphered with the tool, it is not that simple when it comes to the newest versions, as the tool works for them only if the encryption process was performed offline.
At the moment of writing, the latest version of STOPDecrypter.exe is STOPDecrypter v184.108.40.206, although it is updated regularly to keep up with the newest STOP ransomware infections, such as Heroset, Stone, Lanset, and others.
|Belongs to|STOPDecrypter tool|
|Purpose|To help STOP ransomware victims to retrieve locked files for free|
|Download link|Direct link|
|VirusTotal detection|13/70 – while the detection is most likely a false positive, use the tool at your own risk|
Ransomware is possibly one of the worst and most destructive malware families in existence, as the locked data does not get restored, even after infection removal. That is when victims realize that they must pay cybercriminals a hefty sum (STOP ransomware usually demands $980 or $490 ransom payment in Bitcoins) or lose their files forever.
While it might be hard to choose what to do, paying hackers is not recommended, as they might exploit users' trust and never send the decryption key back. In such a case, users are risking losing not only personal files but also the money.
Fortunately, tools like STOPDecrypter.exe exist, as security experts are constantly working on ways to crack the code of ransomware. On the other hand, some ransomware victims might never be able to retrieve their data, as decryption tools are not available for all cryptoviruses. Most of the existing tools can, however, be found on the No More Ransom project page online.
STOPDecrypter.exe usage instructions
Before you do anything, you need to ensure that you remove the ransomware virus from your computer, as the infection by the malicious software and the encryption of files are two separate things. To do that, you should employ reputable security software, such as Reimage, SpyHunter 5 or Combo Cleaner, although be aware that not all variants of STOP ransomware are recognized by all AV vendors, so a scan with multiple different tools might be needed.
STOPDecrypter.exe is a relatively simple tool to use. However, before putting it to work, it is highly recommended to read a README.txt document, where many questions are answered, and the instructions are given. Once done, you can click on the STOPDecrypter shortcut, click “Yes” and then open the application to view a simple UI.
The next steps depend heavily on which STOP ransomware version you are infected with. For some versions, you will simply need to upload the ransom note, personal ID and MAC address and proceed with the decryption process, while other cases require direct contact with the security experts who created STOPDecrypter.exe – you can reach out to Michael Gillespie on Twitter.
Steps to take if STOPDecrypter.exe does not work
STOPDecrypter.exe should work perfectly fine with versions that use uppercase file extensions, such as .KEYPASS, .PAUSA, .DATASTOP, .INFOWAIT, and others. Additionally, the Puma family of the virus uses XOR encryption, which is quite easy to decode, so all variants of this branch should be decryptable without problems.
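Why an XOR-based scheme like the one attributed to the Puma branch above is easy to decode, shown as an added Python example (not STOPDecrypter's code and not from the original article): XORing one known original file with its encrypted copy exposes the key. The repeating key, its length and the sample data are constructed assumptions, not Puma's actual parameters.

```python
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    """original XOR encrypted = keystream, over the bytes both copies share."""
    return bytes(o ^ e for o, e in zip(original, encrypted))

def shortest_period(stream: bytes) -> int:
    """Smallest p for which the stream repeats every p bytes."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)

def recover_key(original: bytes, encrypted: bytes) -> bytes:
    """Derive the repeating key from one original/encrypted file pair."""
    stream = recover_keystream(original, encrypted)
    period = shortest_period(stream)
    # Failure mode: a pair shorter than two key repetitions cannot
    # confirm where the key wraps around, so refuse to guess.
    if period * 2 > len(stream):
        raise ValueError("known pair too short to confirm a repeating key")
    return stream[:period]

# Constructed sample data (assumption): a 6-byte key and two small "files".
SAMPLE_KEY = bytes.fromhex("5a13c7e90b44")
backup_copy = b"%PDF-1.4 quarterly report, backup copy from USB drive"
locked_copy = xor_bytes(backup_copy, SAMPLE_KEY)
other_locked = xor_bytes(b"holiday photos index 2018", SAMPLE_KEY)

def demo():
    """Recover the key from the known pair, then unlock a second file."""
    key = recover_key(backup_copy, locked_copy)
    return key, xor_bytes(other_locked, key)

if __name__ == "__main__":
    key, plain = demo()
    print("recovered key:", key.hex())
    print("second file:", plain.decode())
```

The key recovered from one pair decrypts every other file locked with the same key, which is why a single surviving backup copy of one file can be enough for schemes of this kind.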
Nevertheless, STOPDecrypter.exe might not work for victims if the encryption process was performed when the infected machine contacted the remote server. Fortunately, for other victims, the outcome can be positive as long as the virus did not reach the remote server and performed the encryption offline.
If you belong to the former group of people, and STOPDecrypter.exe did not work for you, you should try data recovery software. You can find all the alternative solutions in articles such as Ferosas ransomware removal instructions.