The stop ransomware uses AES encryption and adds one of more than 20 different extensions to infected files. The malware was discovered in late 2017, with new variants appearing in the threat landscape throughout 2018 and into 2019. The ransom note for some variants claims to grant the victim a 50 percent discount if the threat actor is contacted via email within 72 hours.