A new ransomware strain known as “Zorab” has been discovered impersonating STOP Djvu ransomware tooling: it is being distributed as a decryptor for the STOP Djvu family, according to Michael Gillespie, founder of the Ransomware ID service.
While this masquerading decryptor promises free decryption of Djvu-infected files, victims are instead infected with another ransomware, making their situation worse. Most of its attacks have been carried out through cracked software, shady websites, and adware bundles.
Kaspersky, a leading cybersecurity firm, reports that Zorab targets consumers by exploiting the challenges currently faced by victims of Djvu ransomware, which encrypts files and assigns them an extension that depends on the version, including .djvus, .djvu, .uudjvu, .djvuu, and tfunde.
The developers of Zorab unleashed a utility through shady websites that purportedly decrypts these files but instead encrypts them all over again.
This fake decryptor extracts a copy of crab.exe, another program embedded within it as a data resource (it does not belong to the GandCrab ransomware family). It writes crab.exe into your TEMP folder, launches it, and then deletes itself.
Back in January 2019, STOP began using adware installers disguised as cracks as a new method of distributing itself to unsuspecting users. According to a report from NakedSecurity, with over 600 submissions a day to the ID-Ransomware identification service, STOP ransomware is the most actively distributed ransomware over the past year.
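For defenders, the drop, launch and self-delete sequence described above can be correlated from endpoint telemetry. The following is an added example, not code from Kaspersky or the original article; the event schema, the paths, the process IDs and the `find_drop_run_selfdelete` helper are assumptions constructed for illustration.

```python
# Added example: correlate "drop EXE into TEMP -> launch it -> dropper deleted".
# The event schema and every sample value are constructed for illustration.
TEMP_MARKER = "\\appdata\\local\\temp\\"  # assumption: default per-user %TEMP%

EVENTS = [
    {"t": 1, "type": "file_create", "pid": 4120,
     "image": r"C:\Users\al\Downloads\decryptor.exe",
     "target": r"C:\Users\al\AppData\Local\Temp\crab.exe"},
    {"t": 2, "type": "process_create", "pid": 4388, "ppid": 4120,
     "image": r"C:\Users\al\AppData\Local\Temp\crab.exe"},
    {"t": 3, "type": "file_delete", "pid": 4120,
     "target": r"C:\Users\al\Downloads\decryptor.exe"},
    # Benign look-alike: an installer unpacks and runs a helper but stays on disk.
    {"t": 4, "type": "file_create", "pid": 5200,
     "image": r"C:\Users\al\Downloads\setup.exe",
     "target": r"C:\Users\al\AppData\Local\Temp\helper.exe"},
    {"t": 5, "type": "process_create", "pid": 5260, "ppid": 5200,
     "image": r"C:\Users\al\AppData\Local\Temp\helper.exe"},
]


def find_drop_run_selfdelete(events):
    """Return (dropper, payload) pairs that complete all three stages."""
    dropped = {}    # (writer pid, payload path) -> writer image
    launched = {}   # dropper image -> payload path
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["type"]
        if kind == "file_create":
            target = ev["target"].lower()
            if TEMP_MARKER in target and target.endswith(".exe"):
                dropped[(ev["pid"], target)] = ev["image"].lower()
        elif kind == "process_create":
            key = (ev["ppid"], ev["image"].lower())
            if key in dropped:  # the child is the file its parent just wrote
                launched[dropped[key]] = key[1]
        elif kind == "file_delete":
            dropper = ev["target"].lower()
            if dropper in launched:  # dropper removed after launching payload
                findings.append((dropper, launched.pop(dropper)))
    return findings


if __name__ == "__main__":
    for dropper, payload in find_drop_run_selfdelete(EVENTS):
        print(f"ALERT drop-run-selfdelete: {dropper} -> {payload}")
```

Requiring all three stages keeps ordinary installers, which unpack helpers into TEMP but remain on disk, from raising the alert.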
Below are tips on the precautions you can take:
- Protect yourself by not clicking on strange web links.
- Do not download software from untrusted sources, or software you did not request, even if it is sent to you by a seemingly known contact.
- Do not open attachments contained in an email you were not expecting.
- Always use a reputable anti-virus to scan your computer and block or quarantine harmful ransomware, viruses, and other malware.
- Patch your computer regularly and install security updates as soon as possible.
- Cultivate the habit of backing up your data consistently.