.DATASTOP Files Virus – How to Remove and Restore Files
THREAT REMOVAL

.DATASTOP Files Virus – How to Remove and Restore Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by .DATASTOP Ransomware and other threats.
Threats such as .DATASTOP Ransomware may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article has been created to explain to you what is the .DATASTOP ransomware virus and how to remove it from your computer plus how you can restore files, encrypted by it.

A new ransomware virus, using the .DATASTOP file extension to encrypt the files on the computers of victims has been detected by researchers. The virus’s primary purpose is to encrypt the files on the computers infected by it after which to set the .DATASTOP file extension. The ransomware then drops a ransom note type of file, called !!!DATA_RESTORE!!!.txt aiming to convince victims that they should pay ransom if they want to see their files again. If you want to remove this ransomware virus and try to restore .DATASTOP files without having to pay ransom, we advise that you read this article thoroughly.

Threat Summary

Name.DATASTOP Ransomware
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware aims to encrypt the files on the compromised computers and then ask victims to pay ransom in BitCoin to get the encrypted files back.
SymptomsFiles are encrypted with an added .DATASTOP file extension and a ransom note, called !!!DATA_RESTORE!!!.txt.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .DATASTOP Ransomware

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .DATASTOP Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.DATASTOP Files Virus – Distribution

The .DATASTOP files virus aims to infect the computers of victims via e-mail by sending malicious e-mail attachments, whose primary purpose is to get victims to download and execute the file, believing it is an important documents. The cyber-criminals often tend to use false statements to make it seem like the attachment is an important document, for example:

In addition to this, the .DATASTOP ransomware virus is the type of ransomware that can also infect your computer as a result of you having to download and execute it’s malicious file, while believing it is a legitimate type of file, such as:

  • Setup of a program.
  • Portable version of software.
  • Game patch or crack.
  • Key generator.

.DATASTOP Files Virus – Malicious Activity

The .DATASTOP files virus aims to slither into the victims computers undetected. When this happens, the virus aims to check your computer’s version and send information to the cyber-criminals, like your IP address and other types of system data. The malware may also check if the computer it’s running on has previously been infected by it’s variants or if it’s running in a virtual environment. If this is so, the .DATASTOP files virus shuts down and if not, the ransomware virus may drop it’s payload files on the computers of victims. The payload of .DATASTOP files virus may located in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

Among the files of the .DATASTOP ransomware dropped is the virus’s ransom note, called !!!DATA_RESTORE!!!.txt, that has the following message for victims to see:

All your important files were encrypted on this PC.

All files with .DATASTOP extension are encrypted.

Encryption was produced using unique private key RSA-1024 generated for this computer.

To decrypt your files, you need to obtain private key + decrypt software.

To retrieve the private key and decrypt software, you need to contact us by email [email protected] send us an email your !!!DATA_RESTORE!!!.txt file and wait for further instructions.

For you to be sure, that we can decrypt your files – you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.

Your personal id:

E-mail address to contact us:

[email protected]

Reserve e-mail address to contact us:

[email protected]

In addition to this, the .DATASTOP ransomware virus may also add registry entries in the Run and RunOnce Windows registry sub-keys, which have the following locations:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization

But the malicious activity of .DATASTOP file ransomware, do not stop there. Since it is a variant of the STOP ransomware virus, it may be updated to perform more malicious activities in addition to the traditional ones, performed by this infection.

One of the activities that may be performed by the .DATASTOP files virus may be to delete the shadow volume copies of the infected computer system, preferrably by running a script that executes the following Windows commands as an administrator in the background:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryeenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

.DATASTOP Files Virus – File Encryption

In order to encrypt the files on the computers that have been compromised by it, the .DATASTOP files virus is the type of ransomware that aims to run a scan of the file types that are often used. These files are documents, videos, images, archives and other importand objects. The virus may scan for them based on their file extensions, for example:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ .BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

In addition to this, the .DATASTOP ransomware virus may also add important Windows directories, like %Windows%, %System%, etc. to it’s whitelist in order to skip encrypting files in those folders so that you can still use your computer.

The .DATASTOP ransomware uses two ciphers to lock your important files:

  • AES encrption algorithm.
  • RSA-1024 encryption cipher.

The ransomware then ads the .DATASTOP file extension to the files, encoded by it and the encrypted files may assume the following appearance:

Remove STOP Ransomware and Restore .DATASTOP Files

If you are aiming at getting rid of this virus, it is important to know that you can follow either the manual or the automatic removal instructions for .DATASTOP files virus below. They have been created with the idea in mind that if the manual removal does not work for your or you feel unconfident in performing the removal, you can also remove this ransomware virus automatically by downloading an advanced anti-malware software, which is what experts often outline as the most effective method. Such software aims to scan your computer and completely clean it from absolutely any intrusive and malicious software while ensuring future protection against such threats as well.

If you want to restore files, that have been encrypted with the added .DATASTOP extension, you are welcome to try the alternative methods in step “2. Restore files, encrypted by .DATASTOP Ransomware”. They may not be 100% effective, but might be able to help you to recover most of your files.

Note! Your computer system may be affected by .DATASTOP Ransomware and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as .DATASTOP Ransomware.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove .DATASTOP Ransomware follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .DATASTOP Ransomware files and objects
2. Find files created by .DATASTOP Ransomware on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .DATASTOP Ransomware

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

3 Comments

  1. Nur rahman

    Good morning Mr…
    I was victims of virus ransomeware and all my files was encryptes. Since I read this articles, I tried to following those steps which mentioned above. Unfortunately, I was stagnant and my file still locked or encrypted. Also I have searched software decryptor for .DATASTOPS but I could not find it. Is there any suggestion to unlock or decrypt my files, from you as an expert on cybersecurity maybe you can give suggestion?
    Best regards

    Reply
  2. Nur rahman

    My laptop was infected by rasomeware and all file was encrypted with extension .DATASTOPS, as expert you might have any ideas or suggestion to solve my problem. I have followed certain steps above but my file still encrypted. Please help me

    Best regards

    Reply
    1. Tsetso MihailovTsetso Mihailov

      Hello, Mr Nur Rahman.
      Currently, there is no official decryption tool available. We from SensorsTechForum suggest that you check out this guide to try restoring some of your data without such a tool:

      https://sensorstechforum.com/restore-files-encrypted-ransomware-without-decryptor/

      Best Regards

      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...