A free decrypter that recovers files locked by the Stampado ransomware is already available.
Fabian Wosar, an Emsisoft malware analyst, has found a way to defeat the newly discovered Stampado ransomware and has created a free decrypter to help victims restore their data.
Heimdal Security researchers were the first to detect the ransomware. It was recently spotted on Dark Web cybercrime forums, presented in an ad as a Ransomware-as-a-Service (RaaS) offering.
Unlike other ransomware of this type, which demands very high ransoms to unlock files, this one stands out for its surprisingly low price of only $39.
Once samples of Stampado had been uploaded to VirusTotal, it took Wosar only a short time to crack it and work out how it operates. According to him, Stampado is written in the AutoIt scripting language. It uses symmetric AES-256 encryption and appends the “.locked” extension to all encrypted files.
Contrary to its creators' claims, the ransomware is actually a little old-fashioned. It does not automatically redirect its targets to a payment website as other ransomware families usually do. Instead, it uses a simpler method in which victims are expected to contact the cybercriminals via email and negotiate the terms of the payment.
Fortunately, Stampado was stopped before it could do any real damage. The decrypter Wosar created is available as a free download on Emsisoft's website. To use it, however, victims need the email address and the ID the ransomware used to infect their computers.
Once these are on hand, the decryption process takes three simple steps: run the decrypter, enter the email and the ID in the Option section of the app, and press the Decrypt button.
Although decryption is a standard operation, there is always a chance that it could run into errors and destroy some of the files. For that reason, users are advised to create a copy of all encrypted files beforehand to avoid data loss.
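One way to make that copy before running any decrypter, as an added example (not code from the article or from Emsisoft): it copies every “.locked” file into a separate folder, keeps the folder layout, and checks each copy against the original by SHA-256. The function names, the case-insensitive extension match and the backup layout are assumptions made for this sketch.

```python
import hashlib
import shutil
from pathlib import Path

LOCKED_SUFFIX = ".locked"  # extension the article says Stampado appends


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_locked_files(source_root, backup_root):
    """Copy every *.locked file under source_root into backup_root,
    keeping relative paths, and verify each copy by SHA-256.
    Returns {relative_path: sha256}; raises if a copy differs."""
    source_root = Path(source_root).resolve()
    backup_root = Path(backup_root).resolve()
    manifest = {}
    # sorted() lists the tree before any copy is written into it
    for src in sorted(source_root.rglob("*")):
        if src.is_symlink() or not src.is_file():
            continue
        # Assumption: match the extension case-insensitively
        if src.suffix.lower() != LOCKED_SUFFIX:
            continue
        if backup_root in src.parents:
            continue  # backup folder sits inside the scanned tree
        rel = src.relative_to(source_root)
        dst = backup_root / rel
        if dst.exists():
            raise FileExistsError(f"refusing to overwrite {dst}")
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 also preserves timestamps
        digest = sha256_of(src)
        if sha256_of(dst) != digest:
            raise IOError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = digest
    return manifest


if __name__ == "__main__":
    import sys
    for name, digest in backup_locked_files(sys.argv[1], sys.argv[2]).items():
        print(digest, name)
```

Writing the backup to a different drive than the encrypted files keeps the copies out of reach of a failed decryption run.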