Analysing STOP Ransomware
Overview

STOP/DJVU ransomware can be executed with one of the following parameters: --Admin, --ForNetRes, --Task, --AutoStart or --Service. It gathers the victim's location with the help of a geolocation API service and compares the victim's country code against its hard-coded country codes; if one of them matches, the malware stops running. It uses the Salsa20 algorithm to encrypt files and appends the .cdpo file extension to each of them.
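The launch parameters and the .cdpo extension described above can serve as a first triage pass over endpoint telemetry. The sketch below is an added example, not code from the original analysis; the event schema, host names, file paths and the rename threshold are constructed assumptions.

```python
from collections import defaultdict

# Launch parameters and extension taken from the overview above.
STOP_FLAGS = {"--Admin", "--ForNetRes", "--Task", "--AutoStart", "--Service"}
STOP_EXT = ".cdpo"
RENAME_THRESHOLD = 3  # assumption: minimum .cdpo files per host to count as a burst

# Constructed sample events; the schema (host/type/cmdline/path) is hypothetical.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "process",
     "cmdline": r'"C:\Users\alice\AppData\Local\Temp\sample.exe" --AutoStart'},
    {"host": "ws01", "type": "file", "path": r"C:\Users\alice\Documents\a.docx.cdpo"},
    {"host": "ws01", "type": "file", "path": r"C:\Users\alice\Documents\b.xlsx.cdpo"},
    {"host": "ws01", "type": "file", "path": r"C:\Users\alice\Pictures\c.jpg.CDPO"},
    {"host": "ws02", "type": "process",
     "cmdline": r'"C:\Program Files\Vendor\agent.exe" --service'},
    {"host": "ws03", "type": "process", "cmdline": r"notepad.exe report--Task.txt"},
    {"host": "ws03", "type": "file", "path": r"C:\Temp\notes.cdpo"},
]

def stop_flags(cmdline):
    """Return the listed launch parameters that appear as whole tokens."""
    tokens = {t.strip('"').lower() for t in cmdline.split()}
    return sorted(f for f in STOP_FLAGS if f.lower() in tokens)

def triage(events):
    """Score each host: a flag alone is weak, a flag plus a .cdpo burst is strong."""
    flags, renamed = defaultdict(set), defaultdict(int)
    for ev in events:
        if ev["type"] == "process":
            flags[ev["host"]].update(stop_flags(ev["cmdline"]))
        elif ev["type"] == "file" and ev["path"].lower().endswith(STOP_EXT):
            renamed[ev["host"]] += 1
    report = {}
    for host in sorted(set(flags) | set(renamed)):
        has_flag, burst = bool(flags[host]), renamed[host] >= RENAME_THRESHOLD
        if not (has_flag or burst):
            continue
        severity = "high" if has_flag and burst else "medium" if burst else "low"
        report[host] = {"severity": severity, "flags": sorted(flags[host]),
                        "cdpo_files": renamed[host]}
    return report

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS).items():
        print(host, finding)
```

Parameters such as --Service also appear on the command lines of legitimate software, which is why a parameter match alone is rated low here.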