
Stampado Ransomware Stopped in its Path with Free Decrypter

Posted: September 27, 2016

Malware has been around for quite a while, but it is rapidly evolving toward a more aggressive and destructive approach. New threats come out every day, and older ones keep getting updates. There is, of course, an incentive to put in extra effort to make the computer experience of others worse. One of the hottest trends in cyber-crime is ransomware. As its name suggests, it is malware that encrypts your valuable data and demands a ransom to get it back. It is also becoming easier to use, even for people who don't have coding skills, because of ransomware as a service (RaaS).

Enter the New Ransomware as a Service Family Called Stampado

Stampado Ransomware was first spotted back in July, not as an active infection but as a RaaS offering on some Dark Web cyber-crime forums. The price was extremely low for a threat of its kind at the time: a "lifetime license" for Stampado cost a mere $39, when other RaaS programs were being sold for hundreds of dollars or for substantial monthly subscriptions. The plans of the people peddling the Stampado Ransomware, however, were quickly thwarted by Fabian Wosar, a malware analyst at Emsisoft, who created a free decryptor for the Stampado Ransomware before it could do serious damage. Wosar managed to find a weakness in the ransomware, which was coded in the AutoIT scripting language and used symmetric AES-256 encryption, appending a .locked extension to encrypted files.

Contents of the Stampado lock screen:

All your files have been encrypted!
All your documents (databases, texts, images, videos, musics etc.) were encrypted. The encryption was done using a secret key that is now on our servers.
To decrypt your files you will need to buy the secret key from us. We are the only on the world who can provide this for you.
Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose.
Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files.
What can I do?
Contact us by email telling your ID (below) and wait for us to send the instructions.
Contact us by: getfiles@tutanota.com
As a proof, you can send one encrypted file, so we will send it back decrypted. Use it as a guarantee that we can decrypt your files.

[Screenshot: the Stampado lock screen]

The Stampado Ransomware was theoretically worse than other ransomware. Apart from the Russian roulette feature that deleted arbitrary files on a set timer, it also encrypted data that had already fallen victim to another ransomware. Analyzing a newer version of the Stampado threat, Fabian Wosar found that it targeted file extensions used by other ransomware such as TeslaCrypt, Kimcil, Cerber, Locky, LeChiffre, PadCrypt and Coverton, among many others. Fundamentally, if you are unfortunate enough to be infected by any of these threats and the Stampado Ransomware at the same time, you would have to pay both ransoms to recover your files. Luckily, Fabian Wosar seems to have taken the matter seriously and is keeping his decryptor current with the newer versions of Stampado.
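Because Stampado wraps files that another family has already encrypted, the Stampado layer is the outermost one and has to be removed first. The following Python triage script is an added example, not code from the article or from Emsisoft's decryptor; only the `.locked` extension comes from the article, while the `.locky` and `.cerber` mappings, the function names and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

STAMPADO_EXT = ".locked"  # extension named in the article
# Assumed, partial mapping of inner extensions to other families (illustrative only).
OTHER_FAMILY_EXTS = {".locky": "Locky", ".cerber": "Cerber"}


def classify(filename):
    """Peel known extensions from the outside in.

    Returns (layers, remaining_name); layers[0] is the layer to undo first.
    """
    name = os.path.basename(filename)
    layers = []
    while True:
        stem, ext = os.path.splitext(name)
        ext = ext.lower()
        if ext == STAMPADO_EXT:
            layers.append("Stampado")
        elif ext in OTHER_FAMILY_EXTS:
            layers.append(OTHER_FAMILY_EXTS[ext])
        else:
            return layers, name  # no further known layer
        name = stem


def triage(root):
    """Count files under root by the decryption order they would need."""
    plan = Counter()
    for _dirpath, _dirs, files in os.walk(root):
        for f in files:
            layers, _ = classify(f)
            if layers:
                plan[" -> ".join(layers)] += 1
    return plan


def demo():
    """Run the triage over a constructed sample tree (harmless dummy files)."""
    names = ("0F3A9C.locked", "77B1E2.locky.locked", "C4D5.cerber", "notes.txt")
    with tempfile.TemporaryDirectory() as d:
        for n in names:
            with open(os.path.join(d, n), "wb") as fh:
                fh.write(b"constructed sample")
        return triage(d)


if __name__ == "__main__":
    for order, count in demo().items():
        print(f"{count:4d}  {order}")
```

Run it against a read-only copy or forensic image of the affected volume so the inventory does not alter evidence.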

The Stampado Ransomware Plot Thickens

Wosar managed to anger the developer of the Stampado Ransomware so much that the developer felt it necessary to insult him in the code of one of the newer versions, writing:

Func _h3($al)
Return StringTrimLeft(_6("fuck you Fabian" &$al,$n), 2)
EndFunc

[Screenshot: the message in the ransomware code]

This particular "note" can be found in the code of the Philadelphia Ransomware, a newer version of Stampado that is sold for $400 by a malware developer going under the nickname "The Rainmaker." The new version of the Stampado Ransomware is advertised as a cheap option for wannabe cybercriminals, offering advanced ransomware features. It even gives its users a "Mercy" button option, if they are compassionate enough to decrypt someone's files free of charge.
