Facing Ransomware: A Personal Account of DJVU/STOP Ransomware

The threat of ransomware is a reality that many individuals and businesses face today. Unfortunately, I recently became a victim of a ransomware attack, specifically the DJVU/STOP variant, after downloading a FL Studio plugin from a dubious source. By mistakenly opening an executable file, I triggered the ransomware, which has since encrypted all of my personal files, transforming their format into .SGHL.

Upon encountering this distressing situation, I discovered a text file left by the malware. The message was alarming yet frustratingly formatted as follows:

WARNING!

Your files, including important documents, photos, and databases, have been encrypted using a strong encryption method along with a unique key. The only way to recover your data is by purchasing a decryption tool and the corresponding key from the attackers. According to their message, this software will allow you to unlock all your encrypted files.

The attackers have provided an unsettling offer: you can send them one encrypted file for free decryption, but it must not contain sensitive information. They also included a link to a video overview of their decryption tool, which I advise against clicking, as I am unsure of its safety.

The cost for the decryption key and software is set at $980. However, there’s a 50% discount if you respond within the first 72 hours, dropping the price to $490. The ultimatum is clear: without payment, the prospect of recovering your data diminishes drastically. Additionally, they direct you to check your spam folder for their reply if you don’t hear back within six hours.

In light of this harrowing experience, I have a few questions. Does anyone know whether the ransomware criminals typically copy the files they encrypt, or are they solely stored in an encrypted format on my machine?

I want to extend my gratitude to everyone who has reached out with support and suggestions on my ordeal. Your kindness and insights have been incredibly helpful during this anxious time. If you have any experiences, resources, or advice regarding ransomware recovery, please share them in the comments. Your input means more than you know!