.Stinger Files Ransom Virus – Remove and Restore Encrypted Data

.Stinger Files Ransom Virus – Remove and Restore Encrypted Data

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article has been created in order to explain what exactly is the .Stinger files virus and how to remove .Stinger ransomware plus how to restore files that have been encrypted by it without having to pay ransom.

The .Stinger files virus it the type of ransomware infection, that is created in order to terrorize victims into paying a hefty ransom fee to restore their files which are encrypted by the virus and can not be opened using any type of software. The .Stinger files virus aims to slither onto your computer undetected, use encryption mode, that makes your files seem corrupt and then add the .Stinger file suffix. The ransomware then aims to add a ransom note, called “About .Stinger unlocking instructions.txt”, whose primary purpose is to ask victims to get victims to contact [email protected].

Threat Summary

TypeRansomware, Cryptovirus
Short DescriptionEncrypts the files on your computer and then asks you to contact the cyber-criminals via e-mail to get your files back.
SymptomsThe primary symptoms are that the files have the .Stinger file extension and the infected PC also contains the ransom note, named “About .Stinger unlocking instructions.txt”.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .Stinger


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .Stinger.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.Stinger Ransomware – How Does It Infect

The main methods of infection that are used by the .Stinger files virus may be active and passive methods of replicating the infection objects. If the virus uses active methods, that means that the cyber-criminals aim to proactively target a vast number of computers The main way to do this is by sending the victim spammed e-mail messages that aim to get you to open a malicious e-mail attachment within them. Such messages often pretend to come from big companies, like:

  • FedEx.
  • PayPal.
  • DHL.
  • eBay.
  • Amazon.

Often those e-mails have topics that grab your attention, for example “Your Amazon Order is almost complete”.

Besides active methods, the crooks may also spread their malicious files or web links via more passive ways, like uploading them on a website and wait for you to visit it, looking for something to download, but instead downloading the virus. This type of malicious SEO strategy often uses legitimate types of files, like:

  • Setups of programs.
  • Drivers.
  • Key generators.
  • Software license activators.
  • Other forms of setups.

In addition to this, the virus may also come as a forced update on your PC, in case it has previously been compromised by a Trojan or a program that has vulnerabilities.

.Stinger Ransomware – More Information + Activity

.Stinger files virus is the type of infection that holds your files hostage until you pay a hefty ransom in order to get them to work again. To do this, the ransomware virus may enter your PC via it’s main infection file. According to malware researchers who uploaded the sample on VirusTotal, the file has the following parameters:

→ SHA-256:ef294e69cda98f1a76367d07f009e340176f523fe2fb7495f6161046d4f0944f
Size:39.5 KB

After this has completed, the ransomware virus aims to run different scripts that make it perform a set of malicious actions on the infected computer, starting with dropping it’s malicious files. The files, also known as payload may be with random names, just like it’s main virus file and may exist in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Temp%
  • %Roaming%

After this has occurred, the ransomware virus may perform set of malicious activities that may make it run programs as an administrator on your computer. These are comprised primarily of touching system files of Windows and creating mutants. In addition to this, the .Stinger ransomware may also create copies of itself instead it’s main executable is manually removed.

The virus may also interfere with the Run and RunOnce registry keys by adding the following Registry entries to make it’s malicious file, that is responsible fr the file ecryption process run automatically on Windows boot:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In addition to this, the .Stinger files virus may also run commands to delete the shadow volume copies of Windows. These commands are likely run via a script that executes Windows command prompt as an administrator and enters the following vssadmin and bcedit command iterations:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

The stinger virus, also makes sure that the victim sees it’s ransom note, begging with an ASCII skull. The note, created in several different langauges has the following message to victims:

Hello, friend, Please read the following
Your file has been locked, please do not close the system, or modify the extension name.
Please E-Mail me, unlock the cost USD 100.00
e-mail:[email protected]

From the ransom note, it appears that the virus aims to get victims by further providing them with ransom instructions via e-mail.

.Sting Files Virus – Encryption Process

The .Stinger virus begins encrypting files on the infected computer by firstly scanning for different file types to encrypt, like the following often used file types:


In addition to this, the ransomware virus may refrain from encrypting system files of Windows by skipping them, via using some sort of a white list. The encrypted files are often documents, images, videos and other types of such files. The ransomware virus uses the encryption mode to change the files structure. This results in the files becoming no longer able to be opened and having the .Stinger file suffix added to them:

Remove .Stinger Ransomware and Restore Files Encrypted by It

In order to remove .Stinger files ransomware, recommendations are to follow the removal instructions underneath this article. They are created by being separated in manual and automatic removal instructions. If you want to remove this ransomware manually, you should however, have some experience in malware removal. For maximum effectiveness however, recommendations by experts are download an advanced anti-malware software which will not only automatically remove .Stinger files virus but also make sure that your PC stays protected against such infections in the future too.

Furthermore, if you want to try and restore your encrypted files without having to pay ransom recommendations are to try the alternative steps for file recovery underneath in “2. Restore files encrypted by .Stinger Files Virus”. They may not be 100% guarantee you will be able to restore your files, but with their aid you may be able to recover some of them.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share