What is STOPDecrypter.exe? Should I remove it?

by Alice Woods - -

STOPDecrypter.exe – a decryption tool created by security researchers to recover STOP ransomware locked personal files

STOPDecrypter.exe is an executable created by Michael Gillespie – a renowned security expert and ransomware hunter. He was actively involved in STOP ransomware analysis and creation of the decryption tool. It is designed to help the crypto malware victims to retrieve encrypted files, although it does not work for all variants.

STOP ransomware is one of the most prolific ransomware families around, and many users worldwide get infected each day. Since its release in December 2017, the hackers behind it released dozens of versions, each of which appends different file extensions.

STOPDecrypter.exe can be used to negate the harmful effects of ransomware and retrieve all pictures, music, video, documents, and other files for free. Nevertheless, while some older variants can be deciphered with the tool, it is not that simple when it comes to the newest versions, as the encryption process should be performed offline for it to work.

At the moment of writing, the latest version of STOPDecrypter.exe is STOPDecrypter v2.1.0.9, although it is updated regularly to keep up with the newest STOP ransomware infections, such as HerosetStoneLanset, and others.

Name STOPDecrypter.exe
Type Executable
Belongs to STOPDecrypter tool
Purpose To help STOP ransomware victims to retrieve locked files for free
Developer Michael Gillespie
Download link Direct link
Virus Total detection 13/70[1] – while the detection is most likely a false positive, use the tool at your own risk

Ransomware is possibly one of the worst and most destructive malware families in existence, as the locked data does not get restored, even after infection removal. That is when victims realize that they must pay cybercriminals a hefty sum (STOP ransomware usually demands $980 or $490 ransom payment in Bitcoins) or lose their files forever.

While it might be hard to choose what to do, paying hackers is not recommended, as they might exploit users' trust and never send the decryption key back. In such a case, users are risking losing not only personal files but also the money.

Fortunately, tools like STOPDecrypter.exe, as security experts are constantly working on ways how to crack the code of ransomware. On the other hand, some ransomware victims might never be able to retrieve their data, as decryption tools are not available for all cryptoviruses. Most of the existing tools can be found on No More Ransom project page online, however.

STOPDecrypter.exe usage instructions

Before you do anything, you need to ensure that you remove the ransomware virus from your computer, as the infection of the malicious software and encryption of files are two separate things. To do that, you should employ reputable security software, such as Reimage or SpyHunter 5Combo Cleaner, although be aware that not all variants of STOP ransomware are recognized by various AV vendors, so a scan with multiple different tools might be needed.

STOPDecrypter.exe is a relatively simple tool to use. However, before putting it to work, it is highly recommended to read a README.txt document, where many questions are answered, and the instructions are given. Once done, you can click on the STOPDecrypter shortcut, click “Yes” and then open the application to view a simple UI.

The next steps highly depend on which STOP ransomware version you are infected with. For some versions, you will simply need to upload ransom note, personal ID and MAC address and proceed with the decryption process, which other cases requires a direct contact security experts that created STOPDecrypter.exe – you can reach out Michael Gillespie on Twitter.[2]

Steps to take if STOPDecrypter.exe does not work

STOPDecrypter.exe should work perfectly fine with versions that use uppercase file extensions, such as .KEYPASS, .PAUSA, .DATASTOP, .INFOWAIT, and others. Additionally, the Puma family of the virus uses XOR[3] encryption, which is quite easy to decode, so all variants of this branch should be decryptable without problems.

Nevertheless, STOPDecrypter.exe might not work for victims if the encryption process was performed when the infected machine contacted the remote server. Fortunately, for other victims, the outcome can be positive as long as the virus did not reach the remote server and performed the encryption offline.

If you belong to the former group of people, and STOPDecrypter.exe did not work for you, you should try data recovery software. You can find all the alternative solutions in articles such as Ferosas ransomware removal instructions.

do it now!
Problem diagnosis program Happiness
Problem diagnosis program Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is a recommended tool to scan your system for possible threats and crappy software. The trial version of the product will find harmful applications in your system.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions


Your opinion regarding STOPDecrypter.exe