Jump to content

Ransomware incident .ZAPS variant of STOP/Djvu

Recommended Posts

Hello @Shakken99    :welcome:

I am very sorry to say that that sounds like a encrypting ransomware infection.  You seem to say that a large number of program files ( EXE files) got their extensions modified to .ZAPS.

I imagine that also a large amount of documents and files have also been affected as well.

I take it that you cannot open or use the files due to the ransomware.   This is not "a virus".  This is a encrypting ransomware.

Files encrypted by ransomware cannot be "read" or used normally once they are encrypted.  Encryption means that the ransomware has physically changed the file so you cannot access it.  

Malwarebytes has no decrypter. We cannot recover any of your encrypted files.  We have no magical tool.
User files or documents or images damaged by the encrypting ransomware cannot be cured ( or fixed) by malwarebytes.

You could recover your damaged files from a offline backup ( that you had made from before this ransomware incident). Offline backup is your friend.
Do you have a old offline backup of your machine?

I take it that this pc did not have installed , prior to the ransomware incident, the Premium Malwarebytes. Had the case been that the pc did have the Premium Malwarebytes beforehand, the malicious ransomware would have been stopped.

Look on your Desktop and or your Documents folder or any other folder where there are encrypted files.  You most likely will see a text-type file named 






That would be a file containing a ransom note made by this ransomware.  We here on the forum and also at Malwarebytes have no decryption tool,

Just so you are aware of that.  It seems your machine was / is a victim of a variant of the STOP (djvu) ransomware.

See these articles

"Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About"


Also See https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/


If you have saved offline backups of the system from before this infection, that is the best means of recovering damaged user files.

Edited by Maurice Naggar
Link to post
Share on other sites

  • AdvancedSetup changed the title to Ransomware incident .ZAPS variant of STOP/Djvu


I have not heard back from you.  I wanted to add a few notes for computer safety.

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

Only using the Standard-access-level user account when surfing and downloading / installing would have been a tremendous way to prevent the infections of this machine.

Don't remove ( or change )  your current login. Just use the new Standard-user-level one for everyday use while on the internet.


Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"  


It is not clear if your company only has just one computer or whether there are more.  Whether less than 10 devices or more.

However, know that Malwarebytes Premium has multiple real-time protections, including anti-ransomware.

See https://www.malwarebytes.com/business/solutions/small-business

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.