Home Malware Programs Ransomware STOP Djvu Ransomware

STOP Djvu Ransomware

Posted: April 1, 2019

The STOP Ransomware, also know as the Djvu Ransomware is a threatening cryptovirus. Although the latter first hit the headlines in February 2018, its creators have since developed multiple variants, keeping the flow of infections growing. If the growing number of file extensions appended by Djvu is anything to go by, that new STOP variant makes no exception. Djvu has only caught the attention of the security community recently. Yet, it has already managed to infect machines worldwide, each time appending a different file extension to the encrypted data. So far, security researchers have spotted numerous extensions associated with the Djvu ransomware, namely:

  • .adobe, .adobee, .pdff.
  • .djvu, .djvus, .djvuu, djvuq, udjvu, .uudjvu (older variants).
  • .blower, .pomorad, .promock, .tfude, .tfudeq, .tfudet, .tro. (recent variants).
  • .chech, .luces, .luceq, .kropun, .kroput1, .charck, .pulsar 1 (newest).

Unlike other ransomware types, which typically attack PC users via spam emails, recent Djvu infections have occurred following a download of a keygen/crack reportedly. Once the infection has completed, Djvu draws up a ransom note titled ‘_openme.txt’. Here’s the text of the note:

Don't worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Don't try to use third-party decrypt tools because it will destroy your files.
Discount 50% available if you contact us first 72 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:’

The actors behind Djvu offer a 50% discount if contacted within 72 hours. However, the exact amount of compensation is not mentioned in the note. While older Djvu variants can be neutralized as security researchers have developed free decryptors, there are no working solutions for the most recent variants currently.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to STOP Djvu Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.