Stampado Ransomware is the name of a new disaster that can hit your computer if you let it on board. This ransomware may not have started its rampage on the web yet, but it is definitely up for sale already on the Dark Web. As a matter of fact, this dangerous malware infection is sold to crooks for a surprisingly low price ($39), and that is not even just a monthly rental. This could be a very attractive feature to schemers, which means that very soon there could be a number of variants out there since this ransomware is actually customizable. This infection seems to have the same features as CryptoLocker Ransomware. Since there is no decryption tool available on the web yet, if your computer is under attack by this ransomware, chances are you will lose all your documents, images, videos, archives, and program files encrypted by this beast. You basically have two choices here. First, you can decide to pay the ransom fee and pray that your files will be recovered; second, you can use a recent backup from an external drive to restore your files. Nevertheless, we suggest that you remove Stampado Ransomware as soon as you notice its presence, unless of course you want to pay these criminals for the secret private key, which is needed to decrypt your files.
This ransomware has been recently found on the Dark Web heavily promoted as Ransomware-as-a-Service (RaaS). This means that you may not find a large number of hits yet since it is only up for sale and there is no news of multiple attacks by this ransomware. But we are certain you will not have to wait for long. Since there are no samples and user reports out there, we can mainly base our research on what we learned from a promotional video posted on YouTube by the creators of this nightmare. This video has been removed by YouTube recently based on their “policy on scam.” However, it is quite clear that the schemers who buy this ransomware will receive a builder or will be able to access a control panel on the web in order to create their own custom ransomware file. This file can then be embedded in other documents and be distributed as spam, adware, or fake installers.
Since schemers will have a number of options to set up the malicious file, you can expect a number of variants as well. The malicious file can be saved as EXE, BAT, DLL, SCR, or CMD. If you do not want to get infected by Stampado Ransomware, you should be very careful when opening e-mails in your inbox since certain spam mails can evade your filter. Criminals use very misleading subjects to make sure that you consider them important enough to open them and download the attached file. This attached file is indeed the malicious file that will activate this ransomware. It could be disguised as an image, a video, or a text document (.docx and .pdf). Whenever in doubt about the senders or the subjects of e-mails, you should contact the senders to double-check whether they really sent them and whether the attachments are meant for you to open. This way you would have a chance to avoid such a major hit and you would not have to remove Stampado Ransomware or any other infection that could infiltrate your computer.
It is also possible that this malicious file will be promoted as a fake installer through unsafe third-party ads. One click on the wrong pop-up or banner ad could drop this infection onto your system. You should make sure that there are no adware programs on your system, which could display such ads, or that you do not land on shady gaming and file-sharing websites, which also host dangerous advertisements.
Once you click on the downloaded malicious file, Stampado Ransomware starts its vicious mission and encrypts all your important files with the AES-256 encryption algorithm. This may take a very short time, so you will not even be able to stop this devastating process. But even so, we advise you to delete Stampado Ransomware from your system.
All your encrypted files will get a “.locked” extension, which is used by a number of other ransomware infections as well. When the infection finishes the encryption, it displays its ransom note on your screen that informs you about the sad fact that all your files have been encrypted. You are given 96 hours to transfer the ransom fee, which could be different for every variant. The usual fee ranges from 100 to 500 US dollars and is demanded in Bitcoins. You are supposed to contact these criminals via the provided e-mail address to get further instructions with regard to the payment method.
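As an added illustration (not code from this article's authors or from any sample of the malware), the following Python script triages a folder for the two file-name indicators described above: files ending in ".locked", and files whose real extension is one of the listed payload formats while a document or media extension sits in front of it. The double-extension disguise and the image and video extensions are assumptions; since ".locked" is shared with other ransomware, a hit indicates encryption but not which family caused it.

```python
import os
import tempfile

# Payload formats the article lists for the customizable builder.
PAYLOAD_EXTS = {".exe", ".bat", ".dll", ".scr", ".cmd"}
# Decoy extensions: .docx and .pdf come from the article; the image and
# video ones are assumed examples of the "image" and "video" disguises.
DECOY_EXTS = {".docx", ".pdf", ".jpg", ".png", ".mp4", ".avi"}
LOCKED_EXT = ".locked"  # appended to encrypted files, per the article


def triage(root):
    """Walk root; return (locked_files, disguised_payloads) as sorted lists."""
    locked, disguised = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name.lower())
            if ext == LOCKED_EXT:
                locked.append(path)
            elif ext in PAYLOAD_EXTS:
                # Assumed disguise: a document/media extension placed
                # before the real one, e.g. "invoice.pdf.exe".
                inner = os.path.splitext(stem)[1]
                if inner in DECOY_EXTS:
                    disguised.append(path)
    return sorted(locked), sorted(disguised)


def build_sample_tree(root):
    """Create a constructed sample tree of empty files for demonstration."""
    names = ["report.docx.locked", "photo.jpg.locked", "notes.txt",
             "Invoice.PDF.exe", "holiday.mp4.scr", "setup.exe"]
    for name in names:
        open(os.path.join(root, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        locked, disguised = triage(tmp)
        print(f"{len(locked)} files ending in {LOCKED_EXT}:", locked)
        print("executables with a decoy extension:", disguised)
```

Running triage() repeatedly and comparing the count of ".locked" files over time also shows whether encrypted files are disappearing, which matters given the timed deletion described below.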
Furthermore, as an “incentive,” every 6 hours a random encrypted file gets permanently deleted from your computer, a feature that is very similar to that of Jigsaw Ransomware. In your contact mail you can also send one encrypted file apart from your ID that is given in the ransom note so that these crooks can prove that they can actually decrypt your files. Based on the promotional video we can say that it may be possible that this time decryption could work if you pay the fee. However, keep in mind that you are dealing with all kinds of criminals when it comes to the god-knows-how-many variants this ransomware may have in the future. So it is possible that the creators developed a ransomware that can decrypt the files once the transfer is confirmed, but whether the respective schemers are willing to do so is really up to them.
We believe that Stampado Ransomware reminds us of the most important security policy when it comes to protecting our files and data stored on our hard disk: backup. If you have a recent backup of your files, it would be easy for you to simply transfer your files back onto your PC; of course, only after you remove Stampado Ransomware. Speaking of which, unfortunately, we cannot give you specific solutions in this case since this is a very fresh infection and no samples are available at the time of writing this article. It is possible that it is enough for you to simply delete the malicious file that you downloaded and ran. We would also recommend that you install an up-to-date anti-malware program that will most likely already have detection for this ugly beast and its variants. We have included instructions for the file removal if you need assistance with it. Please leave us a comment below if you require help with this infection.