
DATASTOP Ransomware

Posted: July 24, 2018

The DATASTOP Ransomware is a file-locker Trojan that prevents you from opening your media, including documents, pictures, and other file formats, until you pay its ransom. Victims of these attacks should recover their work from any available backup or contact an experienced PC security researcher for help with a decryption solution. Otherwise, let your anti-malware programs block and delete the DATASTOP Ransomware to protect the rest of your PC's data.

Trojans Happily Explaining Their Attacks Right in the Name

Samples of a threat using one of the most secure options for 'locking' files are becoming available to malware researchers, and the likely result for infected PCs is a permanent blockade of the user's access to their documents and similar media. The DATASTOP Ransomware, in most aspects of its payload, is reminiscent of Trojans like Hidden Tear or Scarab, although its relationship with these competitors is open to further investigation. For the present time, any users without backups and Internet access are placing their files at risk from a new campaign that extorts money by imprisoning data.

The DATASTOP Ransomware blocks the user's files with an RSA algorithm that uses a 1024-bit key. Besides making any affected media unable to open in its usual programs, this attack includes a cosmetic edit to the file names that appends '.DATASTOP' extensions, which the DATASTOP Ransomware references in its ransoming messages (see below). Malware experts warn that, without leaks of databases or significant vulnerabilities in the DATASTOP Ransomware, decrypting and restoring these files can be impossible.
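For triage, the appended '.DATASTOP' extension is enough to inventory what was hit. The following is an added example, not code from the original article or from any vendor tool: it counts marked files by original format and folder and reports the oldest modification time as a rough estimate of when locking began. The function names, the case-insensitive match, and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".DATASTOP"  # extension the article says is appended to locked files


def inventory(root, marker=MARKER):
    """Summarise files under root whose names end with the appended marker."""
    by_type, by_dir, earliest = Counter(), Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Assumption: match case-insensitively, as Windows file names are.
            if not name.lower().endswith(marker.lower()):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            original = name[: -len(marker)]  # name before the append
            by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            by_dir[os.path.relpath(dirpath, root)] += 1
            # The oldest rewrite time approximates when locking began,
            # which shows which backups predate the incident.
            earliest = mtime if earliest is None else min(earliest, mtime)
    first = None if earliest is None else datetime.fromtimestamp(earliest, timezone.utc)
    return {"count": sum(by_type.values()), "by_type": dict(by_type),
            "by_dir": dict(by_dir), "first_modified_utc": first}


def demo():
    """Run the inventory over a constructed sample tree (not real data)."""
    samples = {  # relative path -> constructed mtime (epoch seconds)
        "report.docx.DATASTOP": 1532400000,
        "photo.jpg.datastop": 1532400300,
        os.path.join("scans", "invoice.pdf.DATASTOP"): 1532399700,
        "untouched.txt": 1500000000,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, mtime in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.utime(path, (mtime, mtime))
        return inventory(root)


if __name__ == "__main__":
    print(demo())
```

Point `inventory()` at a mounted copy of the affected volume rather than the live system, so the scan itself does not disturb timestamps or other evidence.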

Like many families of file-locking Trojans, the DATASTOP Ransomware creates Notepad text files and places them in highly visible directories to solicit money from the victim. Besides customizing some of the details, such as the name of the Trojan and the payment addresses, this note is a copy of ones from other campaigns, such as last year's Revolution Ransomware and the INCANTO Ransomware. Although paying should not be assumed to be a reliable data recovery option, users may exploit the threat actor's offer of a 'free sample' for one to three files.

The Only Stop Signs Trojans Obey

None of the DATASTOP Ransomware's core features are incomplete, and malware experts are rating this Trojan as being ready for deployment in the wild against any targets of the threat actor's preference. These campaigns may use different infection vectors, such as spam e-mails or RDP exploits, for compromising business sector servers, as well as exploit kits, fake software updates, and torrents for attacking PC users at random. Blocking JavaScript and Flash in your browser, leaving macros disabled in Word, and scanning every download with an appropriate anti-malware tool are some of the protections that are effective against these attacks.

The DATASTOP Ransomware may delete or encrypt any local backup data, and malware experts encourage using more secure alternatives when available, such as USBs or cloud services. Data formats at risk from these attacks include Microsoft's Word documents, Adobe's PDF documents, general JPG, BMP, or GIF images, and other media that isn't critical to a running Windows system. However, most brands of anti-malware software should remove the DATASTOP Ransomware and prevent the encryption attack without requiring any added help from the user.

Malware experts aren't seeing many details on how users may be choosing to pay the DATASTOP Ransomware, or what the price of its unlocking solution might be. Although the cost of extortion is rarely cheap, hopefully, most victims aren't rewarding the threat actor for his efforts, regardless.
