Fabian Wosar, a malware analyst at Emsisoft, has created a free decrypter that can unlock files encrypted by the recently discovered Stampado ransomware.
The ransomware was discovered by security researchers from Heimdal Security. Stampado was never detected in live infections, only as an ad for a Ransomware-as-a-Service (RaaS) offering on Dark Web cyber-crime forums.
Its author was peddling the ransomware for an incredibly low price of only $39, compared to other RaaS services that went into the hundreds and thousands of dollars.
Stampado was more hype than anything else
Security researchers were eventually able to find some samples of this ransomware uploaded on VirusTotal. It did not take long for a ransomware guru like Wosar to find a weakness in how Stampado works.
According to Wosar, the ransomware is coded in the AutoIt scripting language, appends the .locked extension to all locked files, and uses a symmetric AES-256 encryption algorithm.
Stampado is not as professional as its authors claimed it to be. The ransomware still relies on infected victims contacting the crooks via email to negotiate the ransom payment, instead of using an automated payment website, usually hosted on Tor, like most other ransomware families do.
Free decrypter available for download
To use Wosar’s free decrypter, users need to have on hand the email address and the ID Stampado had used for their computers.
Just run the Stampado decrypter, add the email address and ID to the Options section of the app, and press the Decrypt button when ready.
Running the decrypter is a trivial operation, but to avoid data loss, create a copy of the encrypted files first in case the decryption process runs into errors and destroys some of your files.
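The precaution above, copying the encrypted files before running the decrypter, as an added example that is not part of the original article or of Emsisoft's tool: a Python script that copies every `.locked` file into a separate backup folder and verifies each copy by SHA-256. The function names and folder layout are assumptions, and the sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".locked"  # extension the article says Stampado appends


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_locked_files(source_root: Path, backup_root: Path) -> dict[str, str]:
    """Copy each *.locked file to backup_root; return {relative path: SHA-256}."""
    source_root, backup_root = source_root.resolve(), backup_root.resolve()
    if backup_root == source_root or source_root in backup_root.parents:
        raise ValueError("backup_root must be outside source_root")
    manifest = {}
    for src in sorted(source_root.rglob("*")):
        if not src.is_file() or src.suffix.lower() != LOCKED_SUFFIX:
            continue
        rel = src.relative_to(source_root)
        dst = backup_root / rel  # keep the original directory layout
        if dst.exists():
            raise FileExistsError(f"refusing to overwrite existing backup: {dst}")
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy only; the original is never modified
        original_hash = sha256_of(src)
        if sha256_of(dst) != original_hash:
            raise IOError(f"copy of {src} does not match the original")
        manifest[rel.as_posix()] = original_hash
    return manifest


if __name__ == "__main__":
    # Constructed sample tree standing in for a user's documents folder.
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp, "docs"), Path(tmp, "backup")
        (docs / "photos").mkdir(parents=True)
        (docs / "report.docx.locked").write_bytes(b"constructed ciphertext 1")
        (docs / "photos" / "a.jpg.locked").write_bytes(b"constructed ciphertext 2")
        (docs / "notes.txt").write_bytes(b"not encrypted")
        print(backup_locked_files(docs, backup))
```

Keep the returned manifest with the backup so the copies can be re-checked later if a decryption run goes wrong.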
Stampado clearly isn’t worth the $39 they ask for. Shitty ransomware made by probably even shittier devs. Decrypter:— Fabian Wosar (@fwosar)