Over the last few years, several STOP ransomware variants have appeared. One of them is the DJVU ransomware, a widely distributed crypto-virus currently spread through adware bundles that masquerade as free software downloads, software cracks, or pirated games. In fact, there is a new version of STOP(Djvu) with the extension .bboo that is troubling some Windows users.
Keep on reading to understand the potential danger that this virus poses and how you could get back your files. Follow our recommended STOP(Djvu) ransomware removal and file recovery instructions provided in the later section of the article.
What is STOP(Djvu)?
The STOP(Djvu) ransomware is a file-encrypting virus that uses both AES and RSA 1024-bit encryption. The main aim of the virus is to lock your files and then demand money as a ransom to get them restored. This crypto-malware is one of the most common STOP ransomware variants, and it reportedly first appeared in December 2018. The success of the STOP(Djvu) ransomware encouraged its developers to expand their operations and develop new sub-variants.
This malware usually asks for a ransom of about $900, mainly in Bitcoin. Besides encrypting files and asking for a ransom, the STOP(Djvu) ransomware has the potential to steal valuable information, such as your bank details and account credentials.
Many victims reported that the STOP(Djvu) virus was injected after they downloaded repacked and infected installers of pirated activators for Windows and Microsoft Office. These programs are distributed by fraudsters through popular malicious websites.
The STOP(Djvu) ransomware may also spread via email spam with malicious attachments, misleading downloads, web injectors, and faulty updates.
Is It Possible to Recover Encrypted Files?
Most victims have recovered their encrypted files without paying a ransom to the cybercriminals. One of the most powerful tools you can use to recover encrypted files is the STOP DJVU Decryptor by Emsisoft. This decryptor for STOP(Djvu) can decrypt files from over 150 malware versions, helping victims recover their files without paying the attackers.
Unfortunately, the developers of this crypto-malware keep releasing new versions, so it may take a while before decryptor tools are updated to handle new variants. Keep in mind that, for all STOP(Djvu) variants, your files can be decrypted successfully only if they were encrypted with an offline key.
But before you can think of recovering your encrypted files, you need to remove the malware from your computer.
How to Remove the STOP(Djvu) Ransomware?
Some people prefer deleting files associated with the virus manually. But the process is often tedious and technical. If you leave traces of the virus, it will surely multiply and continue encrypting your files. The problem with Trojan viruses like STOP(Djvu) is that they can hide in your system.
The best way to detect and stop a crypto-malware from wreaking havoc on your system is to scan your computer with a powerful anti-malware program. We recommend scanning your device with Outbyte Anti-Malware to find traces of the virus, and then remove them from your system. It will check every corner of your machine, including the Registry, Task Scheduler, and browser extensions. If it finds malicious files, it will quarantine them on the spot.
How to Recover DJVU Files?
To manage the recovery process more effectively, you have to know the Djvu version that corrupted your files. The STOP(Djvu) ransomware essentially has two versions: old and new.
- Old Version: This version comprises the majority of older extensions, mainly from .djvu up to .carote. Decryption for these variants was previously handled by the STOPDecryptor tool for files encrypted with offline keys. The new Emsisoft Decryptor took over the same support. Without file pairs, the decryptor can only decrypt files that were encrypted with an offline key.
- New Version: As touched on earlier, the developers of the STOP(Djvu) ransomware keep releasing variants. Some newly released extensions include .peta, .meds, .domm, .karl, .xoza, .bboo, .kvag, .hese, .nesa, .gero, .boot, and .coharoz, among many others. Most of these new versions are only decryptable by Emsisoft Decryptor.
Offline or Online Key?
Besides knowing the malware extension that corrupted your files, it is also crucial to know which key the hackers used to lock your files: an offline key or an online key. First, let's define these two types of encryption keys:
- Offline Key: It indicates that your files were encrypted in offline mode. Usually, when you have this key, you can add it to the decryptor to recover those files.
- Online Key: This key was created by the ransomware server. In other words, ransomware servers may generate a random set of keys to encrypt files. In most cases, it is impossible to decrypt such files immediately.
How to Identify Which Key Was Used During the Encryption Process?
You can find the IDs used by the STOP(Djvu) ransomware during the encryption process by opening the SystemID\PersonalID.txt file on your C drive. Nearly all offline IDs end with t1. Besides viewing the Personal ID in the C:\SystemID\PersonalID.txt file, you can also check for an offline key in the _readme.txt ransom note.
With that said, the quickest way to find out which key was used in the encryption is to follow these steps:
- Go to the C:\SystemID\ folder on your infected device and find the PersonalID.txt file.
- After that, check if the file has only one or multiple IDs.
- If an ID ends with t1, then there is a high likelihood that hackers locked some of your files with an offline key, which means they are recoverable.
- If none of the IDs listed ends with t1, then all the affected files were most likely encrypted with online keys. In this case, you may not recover your files immediately.
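As an added example (not part of the article), the following Python snippet automates the check above on a copy of PersonalID.txt and a list of affected file names: it flags IDs ending in t1 as offline and reports which appended extension the files carry. The IDs and file names in it are constructed, and the extension list is the one the article gives for newer variants.

```python
"""Triage helper for a STOP(Djvu) incident (added example, not from the article)."""
from pathlib import Path

# Extensions the article lists for newer STOP(Djvu) variants; not exhaustive.
NEW_VARIANT_EXTS = {".peta", ".meds", ".domm", ".karl", ".xoza", ".bboo",
                    ".kvag", ".hese", ".nesa", ".gero", ".boot", ".coharoz"}


def classify_ids(personal_id_text: str) -> dict:
    """Split the contents of C:\\SystemID\\PersonalID.txt into one ID per line
    and label each one. Per the article, nearly all offline IDs end in 't1';
    everything else is treated as an online key."""
    ids = [line.strip() for line in personal_id_text.splitlines() if line.strip()]
    return {pid: ("offline" if pid.endswith("t1") else "online") for pid in ids}


def encrypted_extensions(filenames) -> set:
    """Collect the extension the ransomware appended to victim files,
    e.g. 'budget.xlsx.bboo' -> '.bboo'. Only names with at least two suffixes
    whose last suffix is a known variant extension are counted."""
    exts = set()
    for name in filenames:
        suffixes = Path(name).suffixes
        if len(suffixes) >= 2 and suffixes[-1].lower() in NEW_VARIANT_EXTS:
            exts.add(suffixes[-1].lower())
    return exts


def triage(personal_id_text: str, filenames) -> dict:
    """Summarise what a victim needs before trying a decryptor: the variant
    extension(s) seen and whether at least one offline ID is present."""
    ids = classify_ids(personal_id_text)
    any_offline = "offline" in ids.values()
    return {
        "ids": ids,
        "extensions": sorted(encrypted_extensions(filenames)),
        "offline_key_present": any_offline,
    }


if __name__ == "__main__":
    # Constructed sample input: one offline-style ID and one online-style ID.
    sample_ids = "CONSTRUCTEDOFFLINEIDEXAMPLE0001t1\nCONSTRUCTEDONLINEIDEXAMPLE00002ab\n"
    sample_files = ["budget.xlsx.bboo", "photo.jpg.bboo", "_readme.txt"]
    print(triage(sample_ids, sample_files))
```

On a real machine, pass the text of C:\SystemID\PersonalID.txt and a directory listing of the affected folder; an `offline_key_present` of True is the case the article describes as recoverable with the decryptor.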