A Stampado ransomware decryptor has been released by Emsisoft. Healthcare organizations can use it to unlock data that have been encrypted by Stampado ransomware. The Stampado ransomware decryptor can be accessed and used free of charge.
Ransomware gangs usually stipulate a time limit for paying a ransom and claim they will delete decryption keys if the ransom payment is not made promptly. Oftentimes, delaying payment will see the ransom amount increased. What makes Stampado ransomware different is the method used to ensure victims pay promptly. Victims are given just 96 hours to make the payment and decrypt their files. If the payment is not received, random files will start to be deleted every six hours until the ransom is paid. If no viable backup exists, the files will be permanently lost.
Many ransomware gangs enlist the help of affiliates to spread infections. Under the affiliate model, individuals can purchase ransomware and conduct their own campaigns without having to write ransomware from scratch. In fact, it takes next to no skill to run one of these campaigns. The affiliate then sends out the ransomware and receives a cut of every ransom payment that is made. The author of the ransomware takes a percentage of each payment.
Affiliates have to make an initial payment to obtain a ransomware kit, which may be a couple of hundred dollars or more. However, the gang behind Stampado is charging only $39 in Bitcoin to get started. The low price is expected to see many new affiliates sign up for the deal. That $39 buys the affiliate a lifetime license for Stampado.
Stampado was discovered by Heimdal Security researchers earlier this month. The malicious file-encrypting software is fully functional, yet flaws in its design have allowed a Stampado ransomware decryptor to be created to unlock files without having to pay a ransom.
The Stampado ransomware decryptor can be downloaded from the Emsisoft website, as can decryptors for DMALocker, HydraCrypt, AutoLocky, and Apocalypse.