• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

.Stone file extension ransomware virus (Restore, Decrypt .stone files)

Myantispyware team June 2, 2019    

This week, cyber threat analysts has received reports of yet another ransomware called ‘Stone ransomware‘. This ransomware virus spreads via spam emails and malware files and appends the .stone file extension to encrypted files. This article will provide you a brief summary of information related to this ransomware and how to recover (decrypt) encrypted photos, documents and music for free.

Files encrypted by .Stone ransomware

Files encrypted by .Stone ransomware

Stone crypto virus is a malicious software which limits you from viewing your documents, photos and music. It forces you to pay the ransom through Bitcoins in order to get your photos, documents and music back. It is known to encrypt almost all file types, including files with extensions:

.p12, .z3d, .xll, .xls, .kf, .xwp, .xbdoc, .pem, .rw2, .hvpl, .zdc, .wpg, .pef, .1st, .wmd, .odp, .der, .rar, .wmv, .jpg, .dbf, .odm, .pfx, .ysp, .mov, .wgz, .xlsx, .sidd, .cas, .jpeg, .yal, .tor, .wdb, .forge, .zi, .pst, .sis, .snx, .xlsm, .wpb, .dng, .map, .mdb, .bar, .odt, .vpk, .wp4, .wp7, .pptm, .mpqge, .psd, .xlk, .bsa, .wbz, .dmp, .y, .fpk, .py, .mcmeta, .wire, .srw, .bc6, .sb, .xy3, .wbmp, .indd, .crt, .csv, .webdoc, .wmf, .m4a, .ff, .fsh, .js, .vfs0, .wmo, .m2, .rim, .mlx, .wpe, .jpe, .cfr, .crw, .wp6, .3fr, .ibank, .webp, .lvl, .db0, .fos, .big, .xld, .dxg, .zdb, .eps, .re4, .wav, .2bp, .wpw, wallet, .vtf, .wmv, .sidn, .odb, .itl, .3dm, .xx, .itm, .iwd, .vdf, .lbf, .wps, .1, .odc, .wbk, .wbc, .zip, .x, .mef, .pptx, .wpd, .wn, .dazip, .wdp, .ppt, .arw, .wpa, .dcr, .xls, .mrwref, .litemod, .pdd, .lrf, .dba, .wpt, .wp, .x3f, .wm, .yml, .qic, .txt, .pkpass, .w3x, .t12, .hkdb, .xdb, .gdb, .kdc, .sum, .x3f, .wbd, .syncdb, .gho, .sql, .zabw, .t13, .epk, .pak, .wbm, .xbplate, .esm, .mddata, .bc7, .p7c, .slm, .wsh, .accdb, .raw, .kdb, .bik, .x3d, .sid, .sie, .rofl, .bay, .ws, .png, .nrw, .ybk, .m3u, .wma, .p7b, .layout, .orf, .cdr, .xxx, .srf, .wpl, .xlgc, .z, .xyp, .wri, .xdl, .ncf, .icxs, .vpp_pc, .vcf, .rtf, .3ds, .arch00, .ods, .xyw, .bkp, .iwi, .svg, .psk, .wot, .ptx, .zw, .zif, .xlsm, .xmmap, .wp5, .pdf, .rgss3a, .bkf, .dwg, .ltx, .flv, .cer, .css, .hplg, .blob, .mdbackup, .wb2, .7z, .wma, .qdf, .das, .xlsx, .0, .zip, .itdb, .cr2, .wps, .asset, .ai, .ntl, .sav, .docm, .raf, .tax, .wpd, .wsc, .xf, .wotreplay, .xml, .rwl, .sr2, .wsd, .xlsb, .r3d, .mp4, .menu, .mdf, .apk, .xpm, .rb, .avi, .docx, .hkx

With the encryption work done, all encrypted photos, documents and music will now have the new .stone extension appended to them. Stone ransomware drops a file called ‘_readme.txt’. This file contains a ransomnote that is written in the English language. The ransom message directs victims to make payment to a cryptocurrency wallet in exchange for the keys needed to decrypt personal files.

Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-4Orti6OnRT
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

 

Threat Summary

Name Stone
Type Ransomware, Filecoder, Crypto virus, File locker
Encrypted files extension .stone
Ransom note _readme.txt
Contact gorentos@bitmessage.ch, stoneland@firemail.cc, @datarestore (telegram)
Ransom amount $980, $490 in Bitcoins
Symptoms
  • Unable to open personal files
  • Your documents, photos and music now have a different extension
  • Your file directories contain a ‘ransom note’ file that is usually a .txt file
Removal To remove Stone ransomware use the removal guide
Decryption To decrypt Stone ransomware use the steps

 

Follow our guidance below to detect and remove Stone crypto virus from your PC system as well as recover (decrypt) encrypted photos, documents and music for free.

Quick links

  1. How to remove Stone crypto virus
  2. How to decrypt .stone files
  3. Use STOPDecrypter to decrypt .stone files
  4. How to restore .stone files
  5. How to protect your computer from Stone crypto virus?
  6. Finish words

How to remove Stone crypto virus

Cyber security experts have built efficient malicious software removal tools to aid users in uninstalling Ransomware, trojans and worms. Below we will share with you the best malware removal utilities with the ability to scan for and remove .Stone crypto malware and other malicious software.



How to remove Stone ransomware with Zemana Anti-malware

Zemana Anti-malware highly recommended, because it can locate security threats such Stone ransomware, trojans and other malware that most ‘classic’ antivirus apps fail to pick up on. Moreover, if you have any Stone removal problems which cannot be fixed by this tool automatically, then Zemana Anti-malware provides 24X7 online assistance from the highly experienced support staff.

Visit the page linked below to download Zemana Anti Malware. Save it on your Desktop.

Zemana AntiMalware
Zemana AntiMalware
165086 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019

When the download is finished, close all applications and windows on your personal computer. Double-click the setup file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as on the image below, click the “Yes” button.

Zemana uac

It will open the “Setup wizard” that will help you install Zemana on your system. Follow the prompts and do not make any changes to default settings.

Zemana Anti-Malware Setup Wizard

Once install is done successfully, Zemana will automatically start and you can see its main screen like below.

Now press the “Scan” button for scanning your PC for the Stone ransomware, other malware, worms and trojans. This process can take some time, so please be patient. During the scan Zemana Anti Malware (ZAM) will scan for threats present on your computer.

Zemana Free detect Stone ransomware and other security threats

After Zemana Anti Malware has completed scanning your personal computer, Zemana AntiMalware (ZAM) will open you the results. In order to remove all threats, simply click “Next” button. The Zemana Anti Malware (ZAM) will remove Stone ransomware and other security threats and move items to the program’s quarantine. After finished, you may be prompted to restart the PC system.

Remove Stone ransomware with MalwareBytes Free

We advise using the MalwareBytes which are completely clean your computer of the ransomware. This free utility is an advanced malicious software removal program developed by (c) Malwarebytes lab. This application uses the world’s most popular anti malware technology. It is able to help you delete ransomware, trojans, malicious software, adware software, worms, and other security threats from your personal computer for free.

Visit the following page to download the latest version of MalwareBytes Free for Windows. Save it on your Windows desktop or in any other place.

Malwarebytes Anti-malware
Malwarebytes Anti-malware
327305 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

When downloading is complete, close all windows on your machine. Further, open the file named mb3-setup. If the “User Account Control” prompt pops up as on the image below, press the “Yes” button.

MalwareBytes for Microsoft Windows uac dialog box

It will show the “Setup wizard” that will assist you install MalwareBytes AntiMalware (MBAM) on the system. Follow the prompts and don’t make any changes to default settings.

MalwareBytes for MS Windows install wizard

Once installation is finished successfully, click Finish button. Then MalwareBytes Free will automatically run and you can see its main window like below.

MalwareBytes Free for MS Windows

Next, click the “Scan Now” button to scan for Stone ransomware virus, other malicious software, worms and trojans. A scan can take anywhere from 10 to 30 minutes, depending on the count of files on your system and the speed of your personal computer. During the scan MalwareBytes Anti Malware (MBAM) will detect threats present on your system.

MalwareBytes for Windows look for Stone ransomware and other security threats

As the scanning ends, MalwareBytes Anti Malware will open a list of all threats detected by the scan. Once you have selected what you wish to remove from your PC system click “Quarantine Selected” button.

MalwareBytes Free for Microsoft Windows, scan for ransomware is finished

The MalwareBytes will begin to remove Stone ransomware related files, folders and registry keys. After finished, you can be prompted to restart your computer. We advise you look at the following video, which completely explains the process of using the MalwareBytes to remove browser hijacker infections, adware and other malicious software.

Remove Stone virus from PC system with KVRT

KVRT is a free removal tool that can be downloaded and use to remove crypto malwares, adware software, malware, PUPs, toolbars and other threats from your machine. You can use this utility to scan for threats even if you have an antivirus or any other security program.

Download Kaspersky virus removal tool (KVRT) on your Microsoft Windows Desktop by clicking on the following link.

Kaspersky virus removal tool
Kaspersky virus removal tool
129308 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

Once the download is complete, double-click on the KVRT icon. Once initialization process is finished, you’ll see the KVRT screen as on the image below.

KVRT main window

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button . Kaspersky virus removal tool program will scan through the whole PC for the Stone ransomware and other known infections. While the KVRT utility is scanning, you can see count of objects it has identified as being affected by malware.

KVRT scanning

After the scan is finished, you’ll be shown the list of all found threats on your machine as displayed in the following example.

Kaspersky virus removal tool scan report

You may remove items (move to Quarantine) by simply click on Continue to start a cleaning procedure.

How to decrypt .stone files

The Stone crypto virus offers to make a payment in Bitcoins to get a key to decrypt personal files. Important to know, currently not possible to decrypt .stone files without the private key and decrypt application.

Should you pay the ransom

If your files have been locked by the Stone crypto malware, We suggests: do not to pay the ransom. If this malware make money for its makers, then your payment will only increase attacks against you. Of course, decryption without the private key is not feasible, but that does not mean that the Stone ransomware virus must seriously disrupt your live.

Files encrypted by .Stone ransomware

Files encrypted by .Stone ransomware

With some variants of the Stone ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.




Use STOPDecrypter to decrypt .stone files

Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).

STOPDecrypter

STOPDecrypter

STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .dotmap. STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.stone).

Please check the twitter post for more info.

How to restore .stone files

In some cases, you can recover files encrypted by Stone ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted photos, documents and music.




Use ShadowExplorer to recover .stone files

In order to restore .stone photos, documents and music encrypted by the Stone ransomware from Shadow Volume Copies you can use a tool called ShadowExplorer. We suggest to use this way as it is easier to find and recover the previous versions of the encrypted files you need in an easy-to-use interface.

ShadowExplorer can be downloaded from the following link. Save it on your Desktop.

ShadowExplorer
ShadowExplorer
439697 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

Once the downloading process is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown in the figure below.

ShadowExplorer folder

Launch the ShadowExplorer tool and then choose the disk (1) and the date (2) that you want to recover the shadow copy of file(s) encrypted by the Stone ransomware as displayed in the following example.

ShadowExplorer restore files encrypted by the Stone ransomware virus

Now navigate to the file or folder that you wish to recover. When ready right-click on it and click ‘Export’ button as displayed in the figure below.

ShadowExplorer restore file

Use PhotoRec to restore .stone files

Before a file is encrypted, the Stone ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file restore programs like PhotoRec.

Download PhotoRec from the following link.

PhotoRec
PhotoRec
221344 downloads
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

After the downloading process is complete, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed in the figure below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for Windows. It’ll display a screen as displayed below.

PhotoRec for windows

Select a drive to recover as displayed on the image below.

photorec choose drive

You will see a list of available partitions. Choose a partition that holds encrypted photos, documents and music as displayed below.

photorec select partition

Press File Formats button and specify file types to restore. You can to enable or disable the recovery of certain file types. When this is finished, click OK button.

PhotoRec file formats

Next, click Browse button to select where recovered files should be written, then press Search.

photorec

Count of recovered files is updated in real time. All recovered files are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.

When the recovery is finished, click on Quit button. Next, open the directory where recovered files are stored. You will see a contents as displayed in the figure below.

PhotoRec - result of recovery

All recovered photos, documents and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your recovered files by extension and/or date/time.

How to protect your computer from Stone crypto virus?

Most antivirus software already have built-in protection system against the ransomware. Therefore, if your computer does not have an antivirus application, make sure you install it. As an extra protection, run the HitmanPro.Alert.

Run HitmanPro.Alert to protect your PC system from Stone crypto virus

All-in-all, HitmanPro.Alert is a fantastic tool to protect your PC from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows OS from Microsoft Windows XP to Windows 10.

Download HitmanPro Alert on your computer by clicking on the following link.

HitmanPro.Alert
HitmanPro.Alert
6880 downloads
Author: Sophos
Category: Security tools
Update: March 6, 2019

After the download is finished, open the directory in which you saved it. You will see an icon like below.

HitmanPro.Alert file icon

Double click the HitmanPro.Alert desktop icon. After the utility is opened, you’ll be displayed a window where you can select a level of protection, as displayed in the following example.

HitmanPro.Alert install

Now click the Install button to activate the protection.

Finish words

After completing the few simple steps above, your machine should be clean from Stone ransomware and other malicious software. Your PC system will no longer encrypt your files. Unfortunately, if the few simple steps does not help you, then you have caught a new ransomware, and then the best way – ask for help here.

 

Virus

 Previous Post

Stoneland@firemail.cc ransomware virus (Restore, Decrypt encrypted files)

Next Post 

How to remove Fitoftmobesed.info pop-ups [Chrome, Firefox, IE, Edge]

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Polexar.com Review, Fake ELON Bitcoin Promo Codes Scam
scam alert
Beware of Koppro.top: Fake Bitcoin Promo Code Scams
How to remove Lopplarting.com pop-up ads
scam alert
Hypschonerms.com Virus Removal Guide
scam alert
How to remove Meatitenes.co.in pop-up ads

Follow Us

Search

Useful Guides

Malwarebytes won’t install, run or update – How to fix it
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide
Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
How to reset Internet Explorer settings to default
How to reset Google Chrome settings to default

Recent Guides

Stoneland@firemail.cc ransomware
Stoneland@firemail.cc ransomware virus (Restore, Decrypt encrypted files)
Mao1.club
How to remove Mao1.club [Chrome, Firefox, IE, Edge]
Dailyapp.me
How to remove Dailyapp.me pop-ups [Chrome, Firefox, IE, Edge]
Usecytonsmehers.info
How to remove Usecytonsmehers.info pop-ups [Chrome, Firefox, IE, Edge]
Likeherlife.info
How to remove Likeherlife.info pop-ups [Chrome, Firefox, IE, Edge]

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.