STOP Ransomware (.peet variation)

What is STOP Ransomware (.peet variation)?

STOP Ransomware (.peet variation), or Peet Ransomware, is a dangerous infection. Although it does not steal private information, drop other malicious files, or hijack your personal accounts, it corrupts your personal files. Documents, pictures, archives, and media files are encrypted, and the data within is changed, which renders the files unreadable. This is the first task that the infection needs to complete. Afterward, it has to convince you to pay money in return for a decryptor. The attack of this malware is very simple in its structure, but, unfortunately, it can be very successful and lucrative. If victims of the infection cannot recover their files for free, they might decide to fulfill the attackers’ demands, and Anti-Spyware-101.com researchers think that that would be a mistake. If you are not sure about what it is that you should do with the infection, its removal, and the recovery of your files, continue reading. If you are trying to delete STOP Ransomware (.peet variation) already, scroll down to find instructions.

How does STOP Ransomware (.peet variation) work?

STOP Ransomware (.peet variation) has to enter your operating system before it can encrypt your personal files. This threat is likely to exploit bundled downloaders, RDP vulnerabilities, and also spam emails to slither into your operating system. These security backdoors can be exploited by other threats too, including Btos Ransomware, Topi Ransomware, Reha Ransomware, or Nbes Ransomware. Do you know what these infections have in common with Peet Ransomware? They all belong to the STOP Ransomware family, they look and work the same, and they all use the same ransom demands. A file named “_readme.txt” is dropped by the threat as soon as files are encrypted, and it calls for attention. According to this message, files can be recovered only with the combination of a decryptor and a unique key, but to obtain it, you have to contact the attackers and pay a ransom of $490. Does this sound fishy? That is because it is fishy. Cybercriminals hijacked your files so that they could take your money, but there is absolutely no reason for them to decrypt your files, and so you should not trust their promises.

The STOP Ransomware (.peet variation) ransom note lists two unique email addresses that you are supposed to use to contact them. The first email address – restorefiles@firemail.cc – has been linked to Grod Ransomware. The second email address – gorentos@bitmessage.ch – has been linked to a bunch of different STOP Ransomware variants. Clearly, we are dealing with the same attacker or a group of attackers. If you contact them, they will promise to give you a decryptor for the files with the “.peet” extension attached to them, but if you pay the ransom, you will be left empty-handed. The good news is that you do not need to consider taking the risk as a free tool called “STOP Decryptor” exists already. Hopefully, you can use it to restore all encrypted files for free. Alternatively, use your backup copies to replace the corrupted files. If you do not have backup copies, make sure you keep in mind to create them from now on because that is the best insurance against malware that destroys or removes files.

How to delete STOP Ransomware (.peet variation)

Hopefully, you have a way to replace or restore your personal files, and the attackers behind STOP Ransomware (.peet variation) cannot force you to do anything that would put you at more risk. Note that even sending them a simple message from your own email account could put you at risk. Whatever you are going to do, you need to remove Peet Ransomware first. If you can locate the .exe file with a random name that launched STOP Ransomware (.peet variation), go ahead and follow the instructions below. They show how to remove the remaining components. If you are not able to clean your system yourself, implement anti-malware software. It will automatically delete every single malicious component that exists, and, at the same time, it will also strengthen Windows protection, which is something you need if you wish to ensure that new threats cannot attack you again.

Removal Instructions

1. Locate the executable file that launched the threat, right-click it, and select Delete.
2. Simultaneously tap Win+E keys to access the File Explorer.
3. Enter %HOMEDRIVE% into the quick access field at the top to access the directory.
4. Right-click and Delete a folder named SystemID and a ransom note file named _readme.txt.
5. Enter %LOCALAPPDATA% into the quick access field at the top to access the directory.
6. Right-click and Delete the {unique name} folder that contains ransomware files.
7. Empty Recycle Bin and then quickly perform a complete system scan using a legitimate malware scanner. Download Removal Tool100% FREE spyware scan and
   tested removal of STOP Ransomware (.peet variation)*