Salesrestoresoftware@firemail.cc is the email address that cybercriminals use to contact victims of ransomware, which belongs to STOP (DJVU) ransomware family. This email address is given in the message, which is in a file called ‘_readme.txt’. The ransomware drops the file ‘_readme.txt’ in every directory where there is at least one encrypted file.
Attackers report that the victim’s files are encrypted and the only way to decrypt them is to buy a decryptor and a unique key. In other words, they want a ransom from the victim. Of course, there is absolutely no guarantee that after paying the ransom, the attackers will give the key and allow the victim to unlock the encrypted files.
Summary
| Email address | Salesrestoresoftware@firemail.cc |
| Related ransomware | STOP (DJVU) family |
| Ransom note | _readme.txt |
| Ransom amount | $980/$490 |
| Removal | Free Malware Removal Tools |
| Decryption | Free STOP Djvu Decryptor |
The ransomware that uses the ‘Salesrestoresoftware@firemail.cc’ email to contact victims belongs to the latest versions of STOP (DJVU) ransomware. Emsisoft has developed a free decryptor that can decrypt encrypted files in some cases. More information in the article Emsisoft STOP Djvu Ransomware Decryptor – Free way to decrypt encrypted files.
