STOP Ransomware (.STOP .Djvu, .Puma, .Promo) Support Topic

 

We can decrypt any .DATAWAIT and .INFOWAIT variants even without the ransom note : we absolutly need a pair of crypted/original file bigger than 150 Ko to brute force the key.

For the other variants we have to check each request to confirm.

 

You can contact me directly at emte@adc-soft.com

Hi, thank you for your efforts.

I wanted to check, is decryption still not free for users who doesn't have Dr.Web licence during the ransomware accident ... as you said in the previous posts? (Especially .DATAWAIT)

 

Yes, Dr.Web decryptors are never free, except for computers with Dr.Web antivirus in use when the files have been encrypted. The charges are reasonable, 150 EUR.

If and when a free decryptor will be available, you will be informed immediatly by the Bleeping Computer Forum.

Kind regards,

Emmanuel - emte@adc-soft.com

--

Emmanuel Teillard d'Eyry – Support Service Manager

ADC-Soft | 18bis, rue de l'Est - 92100 Boulogne-Billancourt (France)
emte@adc-soft.com - Phone: +33 (0) 967 37 28 90
Partner of Dr.Web for ransomware decryption : https://partners.drweb.com/find_partner?mode=search&country=64&city=1161&searchByName=&lng=en

hello Emmanuel - any update on the <<.PUMAX>> decryption?.....

Anxiously waiting

Shubham sharma

Hello Emmanuel - any update on the <<PUMAX>> decryption?.... I have sent 2 cryptic files for your testing

anxiously waiting

Regards - Shubham sharma

Hello Emmanuel - any update on the <<PUMAX>> decryption?.... I have sent 2 cryptic files for your testing

 

anxiously waiting

 

Regards - Shubham sharma

Hello,

I am asking our ransomware lab if we can decrypt this new variant of the Stop ransomware : https://twitter.com/MarceloRivero/status/1065694365056679936

I will come back to you with the answer on Monday.

Extensions .puma and .pumax relate to new variants STOP Ransomware.

Is STOP ransomware written in aes 128 bit encryption?

This crypto ransomware encrypts user data using AES (CFB mode)...

Edited by Amigo-A, 26 November 2018 - 02:30 AM.

Hi everyone, the PUMAX ransomware have been decrypted.

I just recovered some files for my friend. If anyone need help with that, contact me with email: xinyu.feng1995@gmail.com I'd like to help.

P.S. It requires you have an original healthy file and the encrypted version for this file(large than 150KB would be best) to generate the key, then I can use this key to recover your other files. Otherwise I can't help =( 

Edited by h29551442, 27 November 2018 - 12:25 AM.

Just an update for those impacted by .WAITING. ADC-Soft in above thread tried to decrypt but was unable. So we are still waiting for a solution in the future. Many thanks to Emmanuel @ ADC-SOFT for trying!! thanks again.

For anyone with .puma, .pumas, or .pumax extensions: just hang on a bit.

Pumas Ransomware sample: https://www.sendspace.com/file/yryv2w

Any good news?

Pumas Ransomware sample: https://www.sendspace.com/file/yryv2w

 

Any good news?

Be patient... @demonslay335 Michael Gillespie is working hard for a soon coming solution for your .pumas request.
When it will be ready you will be informed in this topic and also by the https://www.bleepingcomputer.com

Free decrypter for .puma, .pumas and .pumax variants.

https://twitter.com/demonslay335/status/1068517307650064384

fhanks for efforts hope you can find decrypter for .DATAWAIT