Upon a successful computer infiltration, the STOP/DJVU ransomware installs its executable (.tmp.exe format file) in LocalAppData folder and downloads several other .exe files (updatewin.exe, build.exe, build2.exe, 1.exe, 2.exe and 3.exe or similar). After these preparations, DJVU virus scans the system for personal files and encrypts the first 150 KB of them with cryptographic algorithms, so that the victims couldn’t access them anymore. The virus also adds random 334 bytes (includes RSA-encrypted key, ID and filemarker) to the actual file size. Consequently, the malware drops ransom notes (called _openme.txt or _readme.txt), which hold information regarding data decryption. Update 2023 January 5th. In the beginning of 2023, the ransomware family is still extremely active and its main distribution method relies on illegal online downloads. On top of that, the malware launcher file samples collected during our research revealed a fact that STOP/DJVU versions often are triggered in tandem with information-stealing Trojans capable of extracting highly private information from infected computers. The names of discovered Trojans are RedLine, VIDAR, Azorult. These Trojans can steal browser cookies, history, saved passwords, offline cryptocurrency wallets, banking details, also view, edit or delete victim’s files on computer or download more malware on the system. Therefore, anyone facing such cybersecurity risks should know that STOP (DJVU) removal is simply an essential task that should not be delayed for long. For this matter, we recommend using an up-to-date and robust malware removal tool, such as INTEGO Antivirus. Do not try to remove the malware manually unless you are an advanced computer user. What is more, we strongly suggest using RESTORO to repair virus damage on Windows OS files. Additionally, you MUST change all your passwords for accounts whose credentials you have chosen to save in your browser. Due to the password-stealing capability of the malware installed on your computer, you should consider your passwords compromised immediately and not take any risks. Update 2020 January 18: On January 18th, a new version has been spotted again. At the ending of 2019, it was noticed that the ransomware developers slowed down with the virus’ distribution and stopped producing new versions at all. It is believed that they took some time off to cash out the earned money and rest before the new year. However, the appearance of KODC ransomware virus simply proves that earning millions from this virus in 2019 wasn’t enough – the nightmare for inattentive computer users is believed to evolve and continue. The latest STOP/DJVU versions of January 2023 are BPTO, ISWR, ISZA, BPSM, ZOUU, MBTF, ZNSM (find full list here). REPAIR VIRUS DAMAGE
_readme.txt file says failure to pay up results in data loss
The ransom note instructs to purchase a DJVU decryptor software and a private key for a particular sum, typically $980. Nonetheless, the attackers suggest a 50% discount if the victim contacts them within 72 hours (3 days), selling the decryption tools for $490. In order to guarantee that decryption tools will be provided, attackers suggest decrypting one file for free. To better understand how encryption/decryption works, let us provide an easy explanation. When files are encrypted, the malicious virus sends out information (in particular, private keys) to its remote servers. From there, keys can not be accessed by anyone but cybercriminals. These keys are the only keys that can decrypt your data. However, in some cases, attackers leave some flaws in their malicious software, which allows malware analysts to find out what the private keys are. The victim is then advised to contact one of the provided emails for further information. The attackers change their contact information regularly, but currently known email addresses are provided below.
gorentos@bitmessage.ch; gorentos2@firewall.cc; helpshadow@india.com; restoredjvu@firemail.cc; pdfhelp@india.com; salesrestoresoftware@firemail.cc; salesrestoresoftware@gmail.com; restorefiles@firemail.cc; datarestorehelp@firemail.cc; datahelp@iran.ir; helpmanager@firemail.cc; helpmanager@iran.ir; restoredjvu@india.com; helpdatarestore@firemail.cc; helpmanager@mail.ch; restoreadmin@firemail.cc (first noticed in ZIPE variant); restoremanager@airmail.cc (first noticed in MOBA variant); helpteam@mail.ch (first noticed in YGKZ variant); helpmanager@airmail.cc; managerhelper@airmail.cc (first noticed in MOQS variant); manager@mailtemp.ch (first noticed in SSPQ variant); supporthelp@airmail.cc (first noticed in TISC variant); helprestoremanager@airmail.cc (spotted in IRFK variant); support@sysmail.ch (spotted in NQHD variant); supportsys@airmail.cc (spotted in FOPA variant); manager@time2mail.ch (spotted in MSJD variant); admin@helpdata.top (spotted in FDCV variant); support@bestyourmail.ch (spotted in RRBB variant); datarestorehelp@airmail.cc (spotted in VVYU variant); support@fishmail.top (spotted in POHJ variant); support@freshmail.top (spotted in ZNSM variant).
The ransom note stresses out that STOP/DJVU decryption tool isn’t available in any other way, however, it isn’t entirely true. STOP/DJVU decrypt tool has been released on September 18, 2019, thanks to the work of Michael Gillespie and Emsisoft. Check this tutorial to download and learn how to use it. First detected in 2018 by Michael Gillespie, The malware is actively distributed in 2019 and is continuously updated. Proof of this – new variants append various file extensions to cryptographically modified files. It is believed that .djvu file virus along with other variants is operated by a Turkish hacker group. The list of currently known file extensions is provided below.
List of file extensions used by STOP/DJVU ransomware variants
As a rule, ransomware appends file extensions to modified files to make them stand out. Currently known file extensions used by DJVU virus family are: STOP, .SUSPENDED, .WAITING, .PAUSA, .CONTACTUS, .DATASTOP, .STOPDATA, .KEYPASS, .WHY, .SAVEfiles, .DATAWAIT, .INFOWAIT,.djvut .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promock, .promoks, .promorad, .promorad2, .kroput, .kroput1, .charck, .pulsar1, .puma, .pumax, .pumas, .shadow, .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .moresa, .verasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .browec, .norvas, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidon, .heroset, .myskle, .boston, .muslat, .gerosan, ,vesad, .horon, .neras, .dalle, .lotep, .nusar, .litar, .truke, .besub, .cezor, .lokas, .godes, .budak, .vusad, .herad, .berosuce, .gehad, .gusau, .madek, .tocue, .darus, .lapoi, .todar, .dodoc, .bopador, .novasof, .ntuseg, .nelasod, .mogranos, .cosakos, .nvetud, .lotej, .kovasoh, prandel, .zatrov, .masok, .ndarod, .access, .format, .brusaf, londec, .krusop, .nasoh, .nacro, .pedro, .mtogas, .coharos, .nuksus, .vesrato, .masodas, .stare, .cetori, .carote, .shariz, .gero, .hese, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .kuub, .noos, .reco, .xoza, .bora, .leto, .werd, .nols, .coot, .derp, .nakw, .toec, .mosk, .lokf, .peet, .grod, .kodg, .mbed, .zobm, .rote, .msop, .hets, .righ, .gesd, .merl, .nbes, .mkos, .redl, .piny, .kodc, .nosu, .reha, .topi, .npsg, .btos, .repp, .alka, .bboo, .rooe, .mmnn, .ooss, .mool, .nppp, .rezm, .lokd, .foop, .remk, .npsk, .opqz, .mado, .jope, .mpaj, .lalo, .lezp, .qewe, .mpal, .sqpc, .mzlq, .koti, .covm, .pezi, .zipe, .nlah, .kkll, .zwer, .nypd, .usam, .tabe, .vawe, .moba, .pykw, .zida, .maas, .repl, .kuus, .erif, .kook, .nile, .oonn .vari, .boop, .nord, .geno, .kasp, .ogdo, .npph, .kolz, .copa, lyli, .moss, .foqe, .mmpa, .efji, .nypg, .iiss, .jdyi, .vpsh, .agho, .vvoa, .epor, .sglh, .lisp, .weui, .nobu, .igdm, .booa, .omfl, .igal, .atek, .qlkm, .coos, .wbxd, .pola, .cosd, .plam, .ygkz, .cadq, .ribd, .reig, .tirp, .enfp, . ekvf, .ytbn, .fdcz, .urnb, .lmas, .wrui, .rejg, .pcqq, .igvm, .nusm, .ehiz, .paas, .pahd, .mppq, .qscx, .sspq, .iqll, .ddsg, .piiq, .leex, .neer, .miis, .zqqw, pooe, .lssr, .zzla, .wwka, .gujd, .ufwj, .moqs, .hhqa, .aeur, .guer, .nooa, .muuq, .reqg, .hoop, .orkf, .iwan, .lqqw, .efdc, .wiot, .koom, .rigd, .tisc, .nqsq, .irjg, .vtua, .maql, .zaps, .rugj, .rivd, .cool, .palq, .irfk, .stax, .qdla, .qmak, .futm, .iisa, .pqgs, .pqgs, .robm, .rigj, .moia, .yqal, .mljx, .yjqs, .shgv, .hudf, .nnqp, .xcmb, .sbpg, .miia, .loov, .dehd, .vgkf, .nqhd, .zaqi, .yber, .vfgj, .fhkf, .maak, .qqqw, .qqqe, .yoqs, .bbbw, .maiv, .bbbe, .bbbr, .qqqr, .cuag, .iips, .ccps, .qnty, .ckae, .eucy, .gcyi, .ooii, .rtgf, .jjtt, .fgui, .fgnh, .sdjm, .iiof, .vyia, .qbaa, .fopa, .vtym, .kqgs, .xcbg, .bpqd, .vlff, .eyrv, .uigd, .rguy, .mmuz, .hfgd, .kkia, .ssoi, .pphg, .wdlo, .kxde, .udla, .gtys, .mpag, .voom, .tuid, .uyjh, .ghas, .qall, .hajd, .qpss, .dwqs, .nuhb, .msjd, .ygvb, .dmay, .jhdd, .dewd, .jhbg, .jhgn, .mmob, .ttii, .hhjk, .sijr, .bbnm, .egfg, .xcvf, .mine, .kruu, .byya, .ifla, .errz, .dfwe, .fdcv, .fefg, .nnuz, .qlln, .zpps, .ewdf, .uihj, .zfdv, .rrcc, .rrbb, .rryy, .bnrs, .eefg, .bbyy, .bbii, .bbzz, .eijy, .efvc, .hkgt, .lloo, .lltt, .llee, .llqq, .eiur, .dkrf, .ghsd, .jjyy, .jjww, .hhew, .hhqw, .hheo, .ggew, .ggwq, .ggeo, .oori, .ooxa, .hhyu, .vvew, .vveo, .vvwq, .vvyu, .ccyu, .ccew, .cceo, .ccza, .qqlc, .qqlo, .qqmt, .qqri, .qqkk, .qqpp, .qqjj, . oovb, .oodt, .oopu, .mmpu, .mmdt, .mmvb, .eewt, .eemv, .aawt, .aamv, .aabn, .aayu, .eebn, .eeyu, .ofoq, .oflg, .ofww, .adww, .adlg, .towz, .tohj, .powz, .pohj, .tuis, .tury, .nuis, .nury, .powd, .pozq, .bowd, .bozq, .zate, .zatp, .fatp, .fate, .tcvp, .tcbu, .kcbu, .kcvp, .uyro, .uyit, .btnw, .maos, .matu, .mppn, .mbtf, .bttu, .btos, .bpsm, .znto, .znsm, .isal, .iswr, .isza, .manw, .bpto, .bpws, .zoqw, .zouu, .poqw, .pouu and others. The first thing you must do if you got infected by this ransomware is to remove DJVU ransomware virus from the system. If you do not know how to do it safely, read instructions provided below the article. REPAIR VIRUS DAMAGE
Distribution techniques used to spread this ransomware threat
In general, ransomware viruses are executable files that can be obfuscated and transmitted to victims’ computers using a variety of methods. For instance, the executable file, which delivers the malicious payload, can arrive in a ZIP file or can come in a form of a JavaScript file which downloads and runs the ransomware on a computer. Speaking of Djvu ransomware, its distribution methods include malicious email spam, infected websites, illegal downloads (such as KMSPico activator, key generators or cracks), or vulnerabilities in software or operating system installed on a computer. Speaking of ransomware prevention, the best way to protect yourself is to keep your OS up to date, as well as software installed on your PC. In addition, don’t forget to bypass suspicious websites online, unexpected emails with attachments or links and never look at illegal downloads. Finally, we suggest reading about more sophisticated ransomware distribution techniques used in MAZE or MATRIX ransomware attacks.
Decrypt STOP/DJVU-encrypted files (148 extensions supported)
Victims of this ransomware can recover their files for free using Emsisoft Decryptor for STOP DJVU 2023. Thanks to the hard work of Emsisoft and Michael Gillespie, victims can decrypt their files without paying a ransom to the cybercriminals. The said tool works for over 148 DJVU ransomware variants out of over 200. The decryptor can decrypt files encrypted by certain ransomware versions (see file extension list below). Most of the decryption is available for victims who were affected by offline keys or are able to get exact original encrypted data copies.
STOP/DJVU decryptor supported extensions list (2023 January)
.hets, .msop, .kodg, .mbed, .peet, .gero, .hese, .seto, .peta, .meds, .domn, .nols, .werd, .coot, .derp, .meka, .mosk, .bora, .reco, .kuub, noos, .nesa, .karl, .kvag, .moka, .shadow, .djvu, .djvur, .djvuu, .udjvu, .uudjvu, .djvuq, .djvus, .djvur, .djvut, .pdff, .tro, .tfude, .tfudet, .tfudeq, .godes, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promorad, .radman, .ferosas, .rectot, .rezuc, .stone, .skymap, .mogera, .redmat, .lanset, .davda, .poret, .pidom, .pidon, .heroset, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .truke, .dalle, .lotep, .nusar, .litar, .besub, .cezor, .lokas, .budak, .vusad, .herad, .berosuce, .gehad, .gusau, .madek, .darus, .tocue, .lapoi, .todar, .dodoc, .bopador, .novasof, .ntuseg, .ndarod, .access, .format, .nelasod, .mogranos, .cosakos, .nvetud, .lotej, .kovasoh, .prandel, .zatrov, .masok, .brusaf, .londec, .krusop, .mtogas, .nasoh, .nacro, .pedro, .nuksus, .vesrato, .masodas, .cetori, .stare, .carote, .gero, .hese, .seto, .peka, .puma, .pumax, .pumas, .DATAWAIT, .INFOWAIT, .promock, .promok, .promorad2, .kroput, .kroput1, .pulsar1, .kropun1, .charck, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .vorasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .berost, .forasom, .fordan, .codnat, .codnat1, .bufas, .dotmap. If your encrypted files were marked with one of the listed extensions, see the guide on how to decrypt files locked by STOP/DJVU ransomware.
How to identify if files were encrypted with offline or online keys
STOP/DJVU ransomware first tries to connect to a remove Command & Control server. If it succeeds, it requests an unique encryption key to use on victim’s files. This is called online encryption method. However, in case there are connectivity issues, and the ransomware fails to connect to the remote server to get the online key, it uses an offline key which is coded into the virus itself. This key is the so-called offline encryption key, and there is only one decryption key for it. Once someone also affected with offline key pays for the decryption key and shares it with cybersecurity experts, the decryption tool can be updated. Therefore, it is impossible to say how long you’ll have to wait for decryption, since it is unknown when someone’s going to share the key with the cybersecurity experts. The offline encryption cases are also considered more rare than online cases. IMPORTANT: For the newer DJVU versions starting from August 2019, the majority of files can only be decrypted if they were ciphered with an OFFLINE key. You should check your personal IDs in C:\SystemID\PersonalID.txt file. If any of the keys end with t1, it means an offline key was used. However, it takes time for the researchers to extract offline keys, so be patient. A simple example for RECO file extension virus: if personal ID is hvKVwn4fNn8A1rpjC19CUFmS1ySGycmqdrz89zt1, data can be decrypted. Additionally, the newest versions such as .boop, .nile, .vari cannot be decrypted at the moment. Please keep in mind that there is no Emsisoft Decryptor for STOP DJVU Online Key encryption.
Some DJVU encrypted files can be repaired
Good news for STOP/DJVU ransomware victims is that DiskTuna has released a small file repair tool (repair – not decrypt, so some data loss is expected). The tool allows to repair MP3, WAV, MP4, 3GP, MOV, M4V format files. This can be done due to the fact that the ransomware encrypts only the first 150 KB of file, therefore audio and video files can be repaired and still play, although some data loss at the beginning is expected. The tool requires a reference file to work, so an example file must be created on the same device using same settings (such as shot on a camera with replicated settings used to create encrypted file). Currently, the tool fails to work with extremely large files, but update is expected to roll out shortly. The tool was made available to the public thanks to work of researchers Nguyễn Vũ Hà and Joep van Steen. You can read more about the tool usage in this guide or on the official DiskTuna’s blog.
Avoid fake STOP/DJVU decryptors used to spread ZORAB ransomware
How to decrypt djvu files, stop ransomware decryptor and other terms are the most popular search queries among victims of this ransomware. That said, criminals know that the victims are desperate to restore their files and will download anything that can help even a little. However, if you are a victim of this cyber attack, you should know that developers of another ransomware, namely ZORAB, are using fake STOP/DJVU decryption tool download link to spread its own malware. In other words, imagine a poor victim trying to find a tool that helps and downloading it, only to have his/hers own corrupted files encrypted twice. The fake Decrypter DJVU tool asks to enter victim’s personal ID and extension of the virus, then click the button Start Scan. However, once the victim clicks the button, the virus will extract crab.exe executable and saves it to the %Temp% folder. The ransomware is an executable for ZORAB ransomware and will start encrypting victim’s files, adding .zrb or another extension to target files. The ransom notes dropped by this virus are called –-DECRYPT–ZORAB.txt.ZRB.
Remove DJVU ransomware and decrypt your files
STOP/DJVU ransomware removal is an essential part of protecting your PC after a cyber attack. For this reason, please follow the guidelines given below to eliminate the described virus from your computer successfully. You must remove DJVU ransomware virus along with other malware it installs, therefore we recommend using a good anti-malware or antivirus software to wipe remains of bad software from your computer. Our team suggests using VB100 certified software – INTEGO Antivirus. To repair virus damage on Windows OS default files, consider installing RESTORO. OUR GEEKS RECOMMEND Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system: GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more. Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs. Use INTEGO Antivirus to remove detected threats from your computer. Read full review here. RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically. RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them. Read full review here. This post was first published on August 13, 2019, and updated on January 5th, 2023.
Method 1. Enter Safe Mode with Networking
Before you try to remove STOP/DJVU ransomware virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, if you prefer a video version of the tutorial, check our guide How to Start Windows in Safe Mode on Youtube. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10/11 users Now, you can search for and remove STOP/DJVU ransomware files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable security program such as INTEGO Antivirus. For virus damage repair, consider using RESTORO.
Method 2. Use System Restore
In order to use System Restore, you must have a system restore point, created either manually or automatically. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10/11 users After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won’t be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.
Alternative software recommendations
Malwarebytes Anti-Malware Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.
System Mechanic Ultimate Defense If you’re looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek’s Advice approval. Get it now for 50% off. You may also be interested in its full review.
Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
Decrypt STOP/DJVU-encrypted files
Fix and open large STOP/DJVU-encrypted files easily:
It is reported that STOP/DJVU ransomware versions encrypt only the beginning 150 KB of each file to ensure that the virus manages to affect all files on the system. In some cases, the malicious program might skip some files at all. That said, we recommend testing this method on several big (>1GB) files first.
STOP/DJVU decryption tool usage guide
STOP/DJVU ransomware versions are grouped into old and new variants. STOP/DJVU ransomware is considered the new STOP/DJVU variant, just like BPTO, ISWR, ISZA, BPSM, ZOUU, MBTF, ZNSM (find full list here). This means full data decryption is now possible only if you have been affected by offline encryption key. To decrypt your files, you will have to download Emsisoft Decryptor for STOP DJVU, a tool created and maintained by a genius security researcher Michael Gillespie. Note! Please do not spam the security researcher with questions whether he can recover your files encrypted with online key - it is not possible. In order to test the tool and see if it can decrypt STOP/DJVU-encrypted files, follow the given tutorial.
Meanings of decryptor’s messages
The STOP/DJVU-encrypted decryption tool might display several different messages after failed attempt to restore your files. You might receive one of the following messages: Error: Unable to decrypt file with ID: [example ID] This message typically means that there is no corresponding decryption key in the decryptor’s database. No key for New Variant online ID: [example ID]Notice: this ID appears to be an online ID, decryption is impossible This message informs that your files were encrypted with online key, meaning no one else has the same encryption/decryption key pair, therefore data recovery without paying the criminals is impossible. Result: No key for new variant offline ID: [example ID]This ID appears to be an offline ID. Decryption may be possible in the future. If you were informed that an offline key was used, but files could not be restored, it means that the offline decryption key isn’t available yet. However, receiving this message is extremely good news, meaning that it might be possible to restore your STOP/DJVU-encrypted extension files in the future. It can take a few months until the decryption key gets found and uploaded to the decryptor. We recommend you to follow updates regarding the decryptable DJVU versions here. We strongly recommend backing up your encrypted data and waiting.
Report Internet crime to legal departments
Victims of STOP/DJVU ransomware should report the Internet crime incident to the official government fraud and scam website according to their country:
In the United States, go to the On Guard Online website.In Australia, go to the SCAMwatch website.In Germany, go to the Bundesamt für Sicherheit in der Informationstechnik website.In Ireland, go to the An Garda Síochána website.In New Zealand, go to the Consumer Affairs Scams website.In the United Kingdom, go to the Action Fraud website.In Canada, go to the Canadian Anti-Fraud Centre.In India, go to Indian National Cybercrime Reporting Portal.In France, go to the Agence nationale de la sécurité des systèmes d’information.
If you can’t find an authority corresponding to your location on this list, we recommend using any search engine to look up “[your country name] report cyber crime”. This should lead you to the right authority website. We also recommend staying away from third-party crime report services that are often paid. It costs nothing to report Internet crime to official authorities. Another recommendation is to contact your country’s or region’s federal police or communications authority.