Stampado Ransomware - How to remove

Stampado Ransomware

Stampado ransomware, just like Payms ransomware, is being sold on the Dark Web. The Stampado cryptomalware shares many characteristics with the CryptoLocker virus, but cyber security researchers have concluded that Stampado was not created by the same developers. This ransomware threat is being sold at the most ridiculous price ever – 39 USD is asked for a lifetime license. The hackers behind this ransomware also supply a video tutorial on how to use the malicious program. Thus, the Stampado file-encrypting virus has already earned the name of RaaS – ransomware-as-a-service.

About Stampado Ransomware

Stampado ransomware uses a popular asymmetric encryption algorithm, meaning that two keys – one for encryption and the other for decryption – are generated. Of course, the decryption key is inaccessible and the victim is asked to purchase it. The hackers call it a “secret key”. The targeted files include almost all the popular formats: .doc, .jpeg, .mp3, .avi, etc. The virus appends the .locked extension to the filename of every encrypted file. For example, photo.jpg is renamed to photo.jpg.locked.

The clients who purchase Stampado ransomware can customize the size of the ransom they want to demand. However, the 96 hours given to the victim to make the payment is a feature of this malevolent program that cannot be customized. If the affected user has not transferred the payment by that deadline, a random file is deleted every 6 hours. The cyber crooks call this creepy game “Russian Roulette”.

The ransom note has two timers: one for the deadline and the other for the time left until a random file is deleted. The affected users are encouraged to contact the cyber criminals if they have any questions or experience any difficulties in transferring the payment. The e-mail addresses provided vary. There can be as many of them as there are clients of the Stampado encoder. The purchasers of this virus also offer free decryption of one selected file. The ransom message contains a unique victim ID, which is to be quoted when contacting the criminals to get further instructions. There is also a field for entering the code given after the payment is made, with a clickable “Get back my files” button next to it.

How is Stampado Ransomware Spread?

So far, no distribution method distinctive to Stampado ransomware has been identified. It acts as a Trojan, arriving in spam e-mails sent to the victim’s inbox that are disguised as coming from an important sender such as the State Tax Inspectorate, for example. The targeted users may also get suspicious spam e-mails with no sender indicated. These e-mails typically contain links to infected websites and/or carry attachments infected with malicious code. Once an attachment is opened, the malware executable runs and carries out its malicious deeds on the victim’s device.

How to Decrypt Files Encrypted by Stampado Ransomware?

Stampado ransomware has sparkled the dark skies of the world of computer viruses like a bat out of hell. Thus, cyber security researchers have not been able to come up with a solution for this menacing threat yet. We completely understand that you want to get your data back. But if you do not have a backup, this will be difficult. Try checking Shadow Volume Copies, if you had the Shadow Volume Service enabled on your PC. If this does not help, try applying professional data recovery tools such as the products of Kaspersky Lab, Recuva, PhotoRec, R-Studio, etc.

There are two essential actions to take before any data restoration. First of all, make a copy of your infected drive so that you have material to use with an upcoming decryptor. Secondly, remove the Stampado encrypter with automatic tools such as Spyhunter (https://www.2-viruses.com/downloads/spyhunter2) or Malwarebytes (https://www.2-viruses.com/downloads/mbam.exe). These powerful security scanners will permanently eliminate the malware and all of its remnants from your computer’s system. We also provide free manual removal instructions for Stampado ransomware. See below.

How to recover Stampado Ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista / XP
  • Start → Shutdown → Restart → OK.
  • Press the F8 key repeatedly until the Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt.

for Windows 8 / 10
  • Press Power at the Windows login screen. Then press and hold the Shift key and click Restart.
  • Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

2. Restore system files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.
  • Click “Next” in the window that appears.
  • Select one of the available Restore Points created before Stampado Ransomware infiltrated your system and then click “Next”.
  • To start System Restore, click “Yes”.

Step 2. Complete removal of Stampado Ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter (https://www.2-viruses.com/downloads/spyhunter2) and remove all malicious files related to Stampado Ransomware. You can check other tools here.  

Step 3. Restore Stampado Ransomware affected files using Shadow Volume Copies

If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files from the point in time when the system restore snapshot was created. Usually Stampado Ransomware tries to delete all possible Shadow Volume Copies, so this method may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.

a) Native Windows Previous Versions

Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when each was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to a directory of your own, or Restore if you want to replace the existing, encrypted file. If you want to see the content of the file first, just click Open.

b) Shadow Explorer

It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. In the top left corner, select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
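
To decide which restore points or shadow copies predate the infection, it helps to know when the first file was renamed to .locked. The following is an added example, not part of the original guide: a Python script meant to be run against the copy of the infected drive mounted on another PC. The function names are hypothetical, and it assumes that the modification time of a .locked file reflects when the malware wrote it.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

LOCKED_SUFFIX = ".locked"  # extension the article says Stampado appends

def inventory_locked(root):
    """Collect every file under root whose name ends in .locked."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            original = name[:-len(LOCKED_SUFFIX)]  # photo.jpg.locked -> photo.jpg
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable entry on a damaged copy: skip it
            hits.append({"path": path,
                         "original_ext": os.path.splitext(original)[1].lower(),
                         "size": st.st_size,
                         "mtime": st.st_mtime})
    return hits

def summarize(hits):
    """Count hits per original extension and bracket the encryption window."""
    if not hits:
        return {"count": 0, "by_ext": {}, "earliest": None, "latest": None}
    # Assumption: mtime of a .locked file is when the malware wrote it.
    times = [h["mtime"] for h in hits]
    return {"count": len(hits),
            "by_ext": dict(Counter(h["original_ext"] for h in hits)),
            "earliest": datetime.fromtimestamp(min(times), timezone.utc),
            "latest": datetime.fromtimestamp(max(times), timezone.utc)}

def usable_snapshots(snapshot_times, summary):
    """Keep snapshot times (UTC datetimes) older than the first .locked file."""
    if summary["earliest"] is None:
        return list(snapshot_times)
    return [t for t in snapshot_times if t < summary["earliest"]]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # path to the mounted copy
    report = summarize(inventory_locked(root))
    print(report["count"], "files ending in", LOCKED_SUFFIX)
    for ext, n in sorted(report["by_ext"].items()):
        print(f"  {ext or '(no inner extension)'}: {n}")
    print("first/last modified (UTC):", report["earliest"], report["latest"])
```

Files reported with no inner extension (for example notes.locked) do not match the photo.jpg.locked pattern and may be unrelated to the infection.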

Step 4. Use Data Recovery programs to recover Stampado Ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases, but you can try the following:
  • We suggest using another PC and connecting the infected hard drive as a slave. It is still possible to do this on the infected PC, though.
  • Download a data recovery program.
  • Install it and scan for recently deleted files.

Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as a precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.
