This week, cyber threat analysts has received reports of yet another ransomware called ‘Stone ransomware‘. This ransomware virus spreads via spam emails and malware files and appends the .stone file extension to encrypted files. This article will provide you a brief summary of information related to this ransomware and how to recover (decrypt) encrypted photos, documents and music for free.
Files encrypted by .Stone ransomware
Stone crypto virus is a malicious software which limits you from viewing your documents, photos and music. It forces you to pay the ransom through Bitcoins in order to get your photos, documents and music back. It is known to encrypt almost all file types, including files with extensions:
.p12, .z3d, .xll, .xls, .kf, .xwp, .xbdoc, .pem, .rw2, .hvpl, .zdc, .wpg, .pef, .1st, .wmd, .odp, .der, .rar, .wmv, .jpg, .dbf, .odm, .pfx, .ysp, .mov, .wgz, .xlsx, .sidd, .cas, .jpeg, .yal, .tor, .wdb, .forge, .zi, .pst, .sis, .snx, .xlsm, .wpb, .dng, .map, .mdb, .bar, .odt, .vpk, .wp4, .wp7, .pptm, .mpqge, .psd, .xlk, .bsa, .wbz, .dmp, .y, .fpk, .py, .mcmeta, .wire, .srw, .bc6, .sb, .xy3, .wbmp, .indd, .crt, .csv, .webdoc, .wmf, .m4a, .ff, .fsh, .js, .vfs0, .wmo, .m2, .rim, .mlx, .wpe, .jpe, .cfr, .crw, .wp6, .3fr, .ibank, .webp, .lvl, .db0, .fos, .big, .xld, .dxg, .zdb, .eps, .re4, .wav, .2bp, .wpw, wallet, .vtf, .wmv, .sidn, .odb, .itl, .3dm, .xx, .itm, .iwd, .vdf, .lbf, .wps, .1, .odc, .wbk, .wbc, .zip, .x, .mef, .pptx, .wpd, .wn, .dazip, .wdp, .ppt, .arw, .wpa, .dcr, .xls, .mrwref, .litemod, .pdd, .lrf, .dba, .wpt, .wp, .x3f, .wm, .yml, .qic, .txt, .pkpass, .w3x, .t12, .hkdb, .xdb, .gdb, .kdc, .sum, .x3f, .wbd, .syncdb, .gho, .sql, .zabw, .t13, .epk, .pak, .wbm, .xbplate, .esm, .mddata, .bc7, .p7c, .slm, .wsh, .accdb, .raw, .kdb, .bik, .x3d, .sid, .sie, .rofl, .bay, .ws, .png, .nrw, .ybk, .m3u, .wma, .p7b, .layout, .orf, .cdr, .xxx, .srf, .wpl, .xlgc, .z, .xyp, .wri, .xdl, .ncf, .icxs, .vpp_pc, .vcf, .rtf, .3ds, .arch00, .ods, .xyw, .bkp, .iwi, .svg, .psk, .wot, .ptx, .zw, .zif, .xlsm, .xmmap, .wp5, .pdf, .rgss3a, .bkf, .dwg, .ltx, .flv, .cer, .css, .hplg, .blob, .mdbackup, .wb2, .7z, .wma, .qdf, .das, .xlsx, .0, .zip, .itdb, .cr2, .wps, .asset, .ai, .ntl, .sav, .docm, .raf, .tax, .wpd, .wsc, .xf, .wotreplay, .xml, .rwl, .sr2, .wsd, .xlsb, .r3d, .mp4, .menu, .mdf, .apk, .xpm, .rb, .avi, .docx, .hkx
With the encryption work done, all encrypted photos, documents and music will now have the new .stone extension appended to them. Stone ransomware drops a file called ‘_readme.txt’. This file contains a ransomnote that is written in the English language. The ransom message directs victims to make payment to a cryptocurrency wallet in exchange for the keys needed to decrypt personal files.
Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-4Orti6OnRT Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
Threat Summary
| Name | Stone |
| Type | Ransomware, Filecoder, Crypto virus, File locker |
| Encrypted files extension | .stone |
| Ransom note | _readme.txt |
| Contact | gorentos@bitmessage.ch, stoneland@firemail.cc, @datarestore (telegram) |
| Ransom amount | $980, $490 in Bitcoins |
| Symptoms |
|
| Removal | To remove Stone ransomware use the removal guide |
| Decryption | To decrypt Stone ransomware use the steps |
Follow our guidance below to detect and remove Stone crypto virus from your PC system as well as recover (decrypt) encrypted photos, documents and music for free.
Quick links
- How to remove Stone crypto virus
- How to decrypt .stone files
- Use STOPDecrypter to decrypt .stone files
- How to restore .stone files
- How to protect your computer from Stone crypto virus?
- Finish words
How to remove Stone crypto virus
Cyber security experts have built efficient malicious software removal tools to aid users in uninstalling Ransomware, trojans and worms. Below we will share with you the best malware removal utilities with the ability to scan for and remove .Stone crypto malware and other malicious software.
How to remove Stone ransomware with Zemana Anti-malware
Zemana Anti-malware highly recommended, because it can locate security threats such Stone ransomware, trojans and other malware that most ‘classic’ antivirus apps fail to pick up on. Moreover, if you have any Stone removal problems which cannot be fixed by this tool automatically, then Zemana Anti-malware provides 24X7 online assistance from the highly experienced support staff.
Visit the page linked below to download Zemana Anti Malware. Save it on your Desktop.
165086 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
When the download is finished, close all applications and windows on your personal computer. Double-click the setup file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as on the image below, click the “Yes” button.
It will open the “Setup wizard” that will help you install Zemana on your system. Follow the prompts and do not make any changes to default settings.
Once install is done successfully, Zemana will automatically start and you can see its main screen like below.
Now press the “Scan” button for scanning your PC for the Stone ransomware, other malware, worms and trojans. This process can take some time, so please be patient. During the scan Zemana Anti Malware (ZAM) will scan for threats present on your computer.
After Zemana Anti Malware has completed scanning your personal computer, Zemana AntiMalware (ZAM) will open you the results. In order to remove all threats, simply click “Next” button. The Zemana Anti Malware (ZAM) will remove Stone ransomware and other security threats and move items to the program’s quarantine. After finished, you may be prompted to restart the PC system.
Remove Stone ransomware with MalwareBytes Free
We advise using the MalwareBytes which are completely clean your computer of the ransomware. This free utility is an advanced malicious software removal program developed by (c) Malwarebytes lab. This application uses the world’s most popular anti malware technology. It is able to help you delete ransomware, trojans, malicious software, adware software, worms, and other security threats from your personal computer for free.
Visit the following page to download the latest version of MalwareBytes Free for Windows. Save it on your Windows desktop or in any other place.
327305 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
When downloading is complete, close all windows on your machine. Further, open the file named mb3-setup. If the “User Account Control” prompt pops up as on the image below, press the “Yes” button.
It will show the “Setup wizard” that will assist you install MalwareBytes AntiMalware (MBAM) on the system. Follow the prompts and don’t make any changes to default settings.
Once installation is finished successfully, click Finish button. Then MalwareBytes Free will automatically run and you can see its main window like below.
Next, click the “Scan Now” button to scan for Stone ransomware virus, other malicious software, worms and trojans. A scan can take anywhere from 10 to 30 minutes, depending on the count of files on your system and the speed of your personal computer. During the scan MalwareBytes Anti Malware (MBAM) will detect threats present on your system.
As the scanning ends, MalwareBytes Anti Malware will open a list of all threats detected by the scan. Once you have selected what you wish to remove from your PC system click “Quarantine Selected” button.
The MalwareBytes will begin to remove Stone ransomware related files, folders and registry keys. After finished, you can be prompted to restart your computer. We advise you look at the following video, which completely explains the process of using the MalwareBytes to remove browser hijacker infections, adware and other malicious software.
Remove Stone virus from PC system with KVRT
KVRT is a free removal tool that can be downloaded and use to remove crypto malwares, adware software, malware, PUPs, toolbars and other threats from your machine. You can use this utility to scan for threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool (KVRT) on your Microsoft Windows Desktop by clicking on the following link.
129308 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the download is complete, double-click on the KVRT icon. Once initialization process is finished, you’ll see the KVRT screen as on the image below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button . Kaspersky virus removal tool program will scan through the whole PC for the Stone ransomware and other known infections. While the KVRT utility is scanning, you can see count of objects it has identified as being affected by malware.
After the scan is finished, you’ll be shown the list of all found threats on your machine as displayed in the following example.
You may remove items (move to Quarantine) by simply click on Continue to start a cleaning procedure.
How to decrypt .stone files
The Stone crypto virus offers to make a payment in Bitcoins to get a key to decrypt personal files. Important to know, currently not possible to decrypt .stone files without the private key and decrypt application.
If your files have been locked by the Stone crypto malware, We suggests: do not to pay the ransom. If this malware make money for its makers, then your payment will only increase attacks against you. Of course, decryption without the private key is not feasible, but that does not mean that the Stone ransomware virus must seriously disrupt your live.
Files encrypted by .Stone ransomware
With some variants of the Stone ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.
Use STOPDecrypter to decrypt .stone files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .dotmap. STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.stone).
Please check the twitter post for more info.
How to restore .stone files
In some cases, you can recover files encrypted by Stone ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted photos, documents and music.
Use ShadowExplorer to recover .stone files
In order to restore .stone photos, documents and music encrypted by the Stone ransomware from Shadow Volume Copies you can use a tool called ShadowExplorer. We suggest to use this way as it is easier to find and recover the previous versions of the encrypted files you need in an easy-to-use interface.
ShadowExplorer can be downloaded from the following link. Save it on your Desktop.
439697 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
Once the downloading process is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown in the figure below.
Launch the ShadowExplorer tool and then choose the disk (1) and the date (2) that you want to recover the shadow copy of file(s) encrypted by the Stone ransomware as displayed in the following example.
Now navigate to the file or folder that you wish to recover. When ready right-click on it and click ‘Export’ button as displayed in the figure below.
Use PhotoRec to restore .stone files
Before a file is encrypted, the Stone ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file restore programs like PhotoRec.
Download PhotoRec from the following link.
After the downloading process is complete, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed in the figure below.
Double click on qphotorec_win to run PhotoRec for Windows. It’ll display a screen as displayed below.
Select a drive to recover as displayed on the image below.
You will see a list of available partitions. Choose a partition that holds encrypted photos, documents and music as displayed below.
Press File Formats button and specify file types to restore. You can to enable or disable the recovery of certain file types. When this is finished, click OK button.
Next, click Browse button to select where recovered files should be written, then press Search.
Count of recovered files is updated in real time. All recovered files are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.
When the recovery is finished, click on Quit button. Next, open the directory where recovered files are stored. You will see a contents as displayed in the figure below.
All recovered photos, documents and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your computer from Stone crypto virus?
Most antivirus software already have built-in protection system against the ransomware. Therefore, if your computer does not have an antivirus application, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Run HitmanPro.Alert to protect your PC system from Stone crypto virus
All-in-all, HitmanPro.Alert is a fantastic tool to protect your PC from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows OS from Microsoft Windows XP to Windows 10.
Download HitmanPro Alert on your computer by clicking on the following link.
After the download is finished, open the directory in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. After the utility is opened, you’ll be displayed a window where you can select a level of protection, as displayed in the following example.
Now click the Install button to activate the protection.
Finish words
After completing the few simple steps above, your machine should be clean from Stone ransomware and other malicious software. Your PC system will no longer encrypt your files. Unfortunately, if the few simple steps does not help you, then you have caught a new ransomware, and then the best way – ask for help here.
