Decrypt Files Encrypted by STOP Ransomware

Decrypt Files Encrypted by STOP Ransomware

This is an article, created to explain how you can decrypt files, encrypted by STOP Ransomware virus.

STOP ransomware is the type of malware, whose main idea is to get users to pay ransom in the form of BitCoin to get their files back. Not all variants of this ransomware can be decrypted for free, but we have added the decryptor used by researchers that is often updated with the variants which become eventually decrypted. You can try and decrypt your files using the instructions below, but if they do not work, then unfortunately your variant of the ransomware virus is not decryptable.

STOP Ransomware – More Information

Researchers have categorised STOP ransomware to be of several different variants.

  • The variant with the uppercase extensions.
  • The Puma variants of STOP.
  • The Djvu STOP variants.

The uppercase file extension variants only include uppercase extensions and they are a bit outdated, whie the Puma and Djvu variants are relatively new ones as the Djvu variants being the latest viruses to hit the workd.

How to Decrypt Your Files

To decrypt your files, first you need to download STOP Decryption tool from Bleeping Computer, available on the URL below:

After the download, make sure to follow these steps:

Step 1) Extract the decrypter somewhere:

Step 2) Run it as an administrator:

Step 3) Click on “Select Directory” and then select a folder, where your important files are encrypted.

Step 4) Click on Decrypt and be patient. The software will return how many files were decrypted:

Remove STOP Ransomware

Be sure to only remove STOP once your files are decrypted. If the files are not decrypted, you should wait until security researchers update the decryptor to work for your variant. Until then, we strongly recommend that you backup your encrypted files and NOT pay the ransomware. Also, you can try and get some of your files back by following the alternative recovery instructions underneath. They are no guarantee that you will get all your files back, but with their help, you could restore at least some of the files.

To remove STOP ransomware, you should follow the first two steps. If they do not work, then try to remove this virus automatically with an advanced anti-malware software. Such software is often the preffered removal method, since it aims to detect an delete all STOP files plus remove them.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website


  1. Sathiyan

    Hi Ventsislav,

    My system had been attacked by .rectot ransomeware, last week. The files are encrypted. I have tried STOPDecryptor, but the decryption was denied due to no keys available for the following ID.


    Can you please help me to retrieve my files

    1. Ventsislav Krastev (Post author)

      Hello, for the moment there are only about 30 decryption keys in the decrypter. Backup your files and wait for the decryptor to be updated. It usually gets updated every 10 days or so.

  2. Hugo

    Hola Ventsislav,

    Mi sistema fue atacado por ransomware .rezuc, hace dos dias. Los archivos están encriptados. He probado con STOPDecryptor, pero el descifrado fue denegado
    ID :
    sAkrsf5GtCegelujc1BiEbEIXc7mBBFkWliJgYI0 (.rezuc )

    1. Milena Dimitrova

      Hi Hugo,

      The reason may be that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of .rezuc ransomware infections.

  3. Mz Islam


    I have attacked by .stone malware.Any update on it.

  4. Kadek Doni

    hallo, saya terkena serangan rezuc sudah saya hapus virus dan sudah saya dekrip menggunakan STOPDecrpter tapi masih tidak bisa,
    [!] No keys were found for the following IDs:
    [*] ID: WGilpyyKEdCsZtqgJQJDyZFDZRJLgqXkDt2Cn1bI (.rezuc )

  5. Juan

    QTxwfONh4EEd3XUaSKGlJAa6gnc1qExRkDAfc8Il (.rezuc )

    1. Milena Dimitrova

      Hi Juan,

      Did you try using the decrypter? It may be able to partially decrypt some of your files.

      1. Fernando Calderon

        Milena Dimitrova, te funcionó con el descifrador?

        También estoy siendo afectado por el . rezuc

        Ojalá pueda existir alguna solución.

  6. Dana Marsetiya Utama

    hello sir, please help me. my PC was atack .rezuc 2 week ago . i have used stop decrypter. unfortunately, it is not success. please help me
    [!] No keys were found for the following IDs:
    [*] ID: cn00hmtMuQnAXDeGdCAxRRCtIxPnEe67zYAIErey (.rezuc )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: FC:3F:DB:39:E1:5B, 60:6D:C7:F7:DB:09, 62:6D:C7:F7:DB:09, 62:6D:C7:F7:D3:09, 60:6D:C7:F7:DB:0A
    This info has also been logged to STOPDecrypter-log.txt

  7. Sagar Girme

    No key found for
    ID: 094KJASHd743dfg76fdfN3In9TaUitalymIQE7m8wG5kr5CVBqn1uAC1eHMt
    Kindly help me get the key as my all imp data hsa been encypted .

  8. Joaquín

    Saludos, fui atacado por el .lanset desde el 3 de junio, voy a seguir las indicaciones y comento como me fue

  9. Ather Saeed

    Dear Sir,
    My PC attacked my vesad Ransomware yesterday. I have used stopdecrypter but No If found show and still waiting to recover my data. Can you please help me in this matter

  10. Max

    buenas tardes yo tengo un problema con un virus que me encripto los documentos con un .lanset y la aplicación manda esto:

    No key for ID: MgAeYiYcERnWXoMBuAtbMk00jMzQo30bPiDS5b7G (.lanset )
    Unidentified ID: MgAeYiYcERnWXoMBuAtbMk00jMzQo30bPiDS5b7G (.lanset )
    MACs: F0:4D:A2:6E:0F:BE, 8C:A9:82:21:28:48, 00:0D:F0:90:8E:3A

    ojala me pudieran ayudar


Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share