Djvu, also known as STOP, is one of the most popular types of ransomware. It infects Windows computers all over the world. 

Ransomware programs are malicious programs. They restrict access to your computer or your data and demand a ransom.

You might have heard of various ransomware attacks of large businesses. Some of those attacks also resulted in data leaks. One of the most devastating crypto malware attacks was NotPetya. It crippled international companies and disrupted the daily life of millions of people (The Untold Story of NotPetya, the Most Devastating Cyberattack in History).

All this might make ransomware seem like a distant threat, something that only large businesses and governments need to care about. But Djvu proves this wrong. It is remarkable because it is so small and so incredibly widespread. Djvu infects PCs all over the world and asks for a ransom that is high, yet affordable. This makes it a real threat to individual users and very small businesses.

How to recognize a Djvu infection

Ransomware infections are characterized by data on the infected computer becoming inaccessible. By your files being broken.

When it’s Djvu ransomware at fault, it encrypts those files and adds a new extension to their names. Usually, it’s a meaningless four letter combination, like “coos”, “pola”, or “djvu”. This letter combination is appended to the names of all encrypted files.


In addition, those files change icons to the blank page icon. The new file names confuse Windows. The operating system can’t recognize what file type they’re supposed to be.

You can read more about the specific Djvu effects, including fake Windows update pop-ups and spyware infections, in this article – DJVU Virus (Ransomware). It also lists a few possible solutions for getting your files back, such as data recovery and file repair.

Unlike many other ransomware infections, Djvu does not change your desktop background. It does create text files with a ransom note, including the contact details of the people responsible for the attacks.

We don’t know who these people are. Only that they’re responsible for one of the most infectious ransomware strains out there.

While ransomware researchers have made efforts to help the victims of Djvu (Emsisoft releases new decryptor for STOP Djvu ransomware), there is no free and easy solution for the majority of victims.

Djvu gets uploaded online disguised as a free version of a commercial program, such as Microsoft Office. Meaning, it preys on those who are already financially vulnerable. And it makes them pay hundreds of dollars for a chance to get their data back. If you want to talk to people in the same situation, visit the forum for Djvu victims: STOP Ransomware Help & Support Topic.