Extension appended to the end of the encrypted data filename
If the malware is unable to connect to its servers and fails to get an ONLINE KEY, it gives up and falls back to an OFFLINE KEY. The OFFLINE KEY is a hard-coded encryption KEY built into the ransomware (and used together with a built-in OFFLINE ID) at the time it encrypted your files. Each variant extension has only one OFFLINE ID (a string of numbers and letters that identifies the infected computer to the ransomware), which generally ends in "t1", so they are usually easy to identify.
If the malware is able to connect to its control servers, it obtains and uses a unique, randomly generated ONLINE KEY, and it keeps encrypting files with that key from memory. Without the master private RSA key that can be used to decrypt your files, decryption is impossible: the key is generated in a secure way that cannot be brute-forced. The public RSA key alone that encrypted the files is useless for decryption; a malware sample of any particular variant is therefore also useless for decryption, since it contains only the public key.
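The ID convention described above can be applied during incident triage. The following is an added example, not code from the original page: it groups collected records by variant extension, classifies each personal ID as offline or online by the "t1" suffix, and flags any extension that shows more than one distinct OFFLINE ID. The record layout, host names, file names and IDs are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PurePath

# Constructed sample records: (host, encrypted file name, personal ID as collected).
# All values are made up; only the "t1" suffix convention comes from the text.
SAMPLE = [
    ("ws-01", "report.docx.gero", "EXAMPLEidAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAt1"),
    ("ws-02", "photo.jpg.gero",   "EXAMPLEidAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAt1"),
    ("ws-03", "db.bak.gero",      "EXAMPLEidQ7x2LmP0aZr5Kc9TyUv3WnBd8EfGhJ4s"),
    ("ws-04", "notes.txt.nesa",   "EXAMPLEidBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBt1"),
    ("ws-05", "plan.xlsx.nesa",   " EXAMPLEidCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCt1\n"),
]

def key_type(personal_id: str) -> str:
    """Heuristic from the text: OFFLINE IDs generally end in "t1"."""
    return "offline" if personal_id.strip().endswith("t1") else "online"

def triage(records):
    """Summarise, per variant extension, which hosts show offline or online IDs."""
    by_ext = defaultdict(lambda: {"ids": set(), "offline": [], "online": []})
    for host, filename, pid in records:
        ext = PurePath(filename).suffix.lower()   # last suffix = variant extension
        pid = pid.strip()                          # IDs copied from notes carry whitespace
        kind = key_type(pid)
        by_ext[ext][kind].append(host)
        if kind == "offline":
            by_ext[ext]["ids"].add(pid)
    report = {}
    for ext, e in by_ext.items():
        report[ext] = {
            "offline_hosts": e["offline"],
            "online_hosts": e["online"],
            # The text says each variant extension has one OFFLINE ID. Several
            # distinct "t1" IDs under one extension therefore need a manual look
            # (assumption: an online ID that happens to end in "t1", or a typo).
            "needs_review": len(e["ids"]) > 1,
        }
    return report

if __name__ == "__main__":
    for ext, summary in triage(SAMPLE).items():
        print(ext, summary)
```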