Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Mar 2018

How to remove Stinger ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Alice Woods · Likes to teach users about virus prevention

Stinger is a crypto-ransomware oriented to English, French, and German PC users

Stinger ransomware. Ransom note example

Stinger is a ransomware type virus that uses that uses AES cipher[1] to encrypt personal files and render them inaccessible. The malware has been detected in the middle of March 2018 by a group of ransomware researchers. While it resembles other crypto-malware viruses in its nature, it can be distinguished by a file extension .Stinger and a text file About .Stinger unlocking instructions.txt that stands for a ransom note.

Name Stinger
Malware type Ransomware
Danger level High (can cause permanent loss of personal files)
Cryptography method AES-256
File extension .Stinger
Ransom note About .Stinger unlocking instructions.txt
Translated into languages English, French, and German
Contact info hackcwand@protonmail.com
Symptoms All personal files encrypted, ransom note created on the desktop and other system's locations. Additionally, the system may run slower than it used to, some processes may be blocked
Distribution Spam, exploit kits, drive-by-download attacks, corrupted remote desktop apps, Trojan
Removal options Automatic. Manual ransomware deletion is not possible. To neutralize and eliminate Stinger, download and run FortectIntego.

The primary target for Stinger ransomware is English, German, and French-speaking PC users, but that doesn't mean that it confines itself to particular regions. Less experienced PC users from any place in the world can download this malware after opening a malicious email attachment or experience a drive-by-download attack.

When the ransomware payload is successfully unpacked, it utilizes the AES-256 cryptography scheme to lock .avi, .bmp, .cpp, .css, .doc, .docx, .dot, .dotx, .eps, .gif, .h, .htm, .html, .inc, .inf, .ini, .jpg , .jpeg, .js, .log, .mp3, .msg, .pdf, .pf, .png, .py, .sdb, .sql, .swf, .txt, .wav, .wma, .wmv,. zip, and other types of personal files.

Each file encrypted by Stinger gets a. Stinger file extension, so that the name of the file looks like that, e.g., sample1.png. Stinger. Manually unlocking the data is not possible. An attempt to rename the files manually can even end up with a permanent loss.

The victim of the attacked PC is informed about the current situation on a ransom note, which occurs in a .txt file format and usually can be found on the desktop. About .Stinger unlocking instructions.txt file can also be added to each folder that contains encrypted data. The ransomware note says:

Hello, friend, Please read the following

Your file has been locked, please do not close the system, or modify the extension name
§Ó§Ñ§ê §æ§Ñ§Û§Ý §Ù§Ñ§Ò§Ý§à§Ü§Ú§â§à§Ó§Ñ§ß, §á§à§Ø§Ñ§Ý§å§Û§ã§ä§Ñ, §ß§Ö §Ù§Ñ§Ü§â§í§ä§î §ã§Ú§ã§ä§Ö§Þ§í §Ú§Ý§Ú §Ú§Ù§Þ§Ö§ß§Ú§ä§î §â§Ñ§ã§ê§Ú§â§Ö§ß§Ú§Ö §æ§Ñ§Û§Ý§Ñ.

Votre dossier est verrouill¨¦, veuillez ne pas le syst¨¨me de fermeture ou de modifier des extensions.
¥Õ¥¡¥¤¥ë¤¬¥í¥Ã¥¯¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢¥·¥¹¥Æ¥à¤òé]æi¤·¤¿¤ê¡¢Ãû¤òÐÞÕý¤·¤¿¤ê¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£

Die datei IST gesperrt, bitte nicht verschließen Oder änderung der verlängerung.

Please E-Mail me, unlock the cost USD 100.00.
§±§à§Ø§Ñ§Ý§å§Û§ã§ä§Ñ, §ã§Ó§ñ§Ø§Ú§ä§Ö§ã§î §ã §ï§Ý§Ö§Ü§ä§â§à§ß§ß§à§Û §á§à§é§ä§í, §â§Ñ§Ù§Ò§Ý§à§Ü§Ú§â§à§Ó§Ñ§ä§î §â§Ñ§ã§ç§à§Õ§í USD 100.00.
SID£º[EA2410]

E-mail:hackcwand@protonmail.com

The ransomware note provided by Stinger virus does not provide much information on the ransomware, file decryption or punishments for trying to unlock files without paying the ransom. The crooks urge the victim to email them via hackcwand@protonmail.com to get further instructions. Currently, the Stinger decryptor costs 100 USD, which has to be sent in Bitcoins.[2] 

Stinger ransomware illustration

At the moment of writing, there's not free decryptor available. Nevertheless, paying the ransom is not recommended due to a high risk of money loss. Stinger removal is what we recommend doing instead of establishing the contact with cybercriminals.

You don't have to worry if you have backups for your files. If you don't, make sure to remove Stinger using a professional anti-virus, for example, FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes and then try to recover your files using third-party programs. You can find explicit guidance on how to decrypt files locked by Stinger ransomware at the end of this article.

Spam emails: that's the source of the ransomware payloads

File-encrypting viruses can be distributed via multiple methods, including but not limited to Trojan horses, corrupted apps, hacked websites, exploit kits, compromised remote desktop apps, and similar.

However, statistically, the most significant number of ransomware infections are downloaded by opening an infected email attachment. Cybercriminals use various social engineering strategies to trick people into opening PDF, PNG, JPG, DOC, DOCX or other types of files attached to fake emails. Crooks might try to mimic well-known companies or impersonate various authorities, such as IRS.[3] 

Before opening the received email, think twice whether you have some relationship with the sender. Besides, double check the theme and pay attention to typo and grammar mistakes. Do not open the attachment is the email message does not contain a body text explaining what type of attachment it is and why you received it.

Besides, to prevent the system from being obfuscated with malicious ransomware infections, update your OS, apps, and security programs regularly. Another precautionary measure to protect your files is to create backups at least for the most critical files on an external drive.

Delete Stinger ransomware automatically

Manual Stinger removal is not possible, experts from NoVirus.uk[4] claim. Ransomware programs consist of multiple malicious entries and processes, which are scattered and hidden in various system's places to evade detection and removal. If you've been attacked by .Stinger file extension virus already, remove Stinger malware as soon as you can using FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes.

After that, you can try to unlock your files with the help of third-party data recovery tools, retrieve files from backups or try to enable the previous version of the files in case System Restore Point has been created before the attack.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.