Hit by ransomware?

We're here to fix that.

Use our free ransomware decryption tools to unlock your files without paying the ransom

Please note that these free tools are provided as-is and without warranty of any kind. The tools may only work with specific ransomware versions, and may not work with versions that were released after a tool was created. Technical support for the tools is available only to customers using a paid Emsisoft product.

[Jul, 22, 2016] - Version:

Stampado decryptor

Stampado is a ransomware kit offered within various hacking communities. Written in AutoIt, it encrypts files using AES-256 encryption and renames them to *.locked. Known variants of this ransomware ask victims to contact [email protected], [email protected], [email protected], [email protected] or [email protected] to facilitate payment. An example ransom note is shown below:

All your files have been encrypted!

All your documents (databases, texts, images, videos, musics etc.) were encrypted. The encryption was done using a secret key that is now on our servers.

To decrypt your files you will need to buy the secret key from us. We are the only on the world who can provide this for you.

Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose.

Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files.

What can I do?

Contact us by email telling your ID (below) and wait for us to send the instructions.

Contact us by: [email protected]

As a proof, you can send one encrypted file, so we will send it back decrypted. Use it as a guarantee that we can decrypt your files.

In order for the decrypter to work you will require both the email you are asked to contact as well as your ID. Please keep in mind that both are case sensitive, so proper capitalization does matter. Please put both information into the appropriate fields in the options tab.

Since version 1.17.0 each Stampado infection also has a unique "salt" that is specific to the ransomware buyer. The salt can either be specified manually or detected automatically. In order to determine the salt automatically the ransomware has to be running on the system. Fill in the ID and email address and click the "Detect ..." button next to the salt input field.

If the malware has already been removed, please don't attempt to reinfect yourself. Instead submit the malware file via email to [email protected] so I can extract the correct salt for you. You can also try the pre-configured salts that have been used by known Stampado campaigns in the wild so far.