HomeNewsZorab ransomware Impersonates STOP Djvu ransomware decryptor

Zorab ransomware Impersonates STOP Djvu ransomware decryptor

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
cyberghost vpn ad

A new ransomware strain known as “Zorab” has been discovered to be impersonating STOP Djvu ransomware and being distributed as a decryptor from the STOP Djvu family according to Michael Gillespie, founder of Ransomware ID service.

While this masquerading decryptor promises free decryption for Djvu infected files, Instead, the victims are infected with another ransomware making their situation worse off. Most of its attacks have been carried out through cracked software, shady websites, and adware bundles.

Kaspersky, a leading cybersecurity firm reports that Zorab is targeting consumers by magnifying the challenges currently being faced by victims of Djvu ransomware which encrypts and assign data extension depending on the version option including .djvus, .djvu, .uudjvu, .djvuu, and tfunde to altered files.

The developers of Zorab unleased a utility that purportedly decrypts these files, rather it encrypts them all over again using shady websites.

This fake decryptor extracts a copy of crab.exe which is another program (but does not belong to the GandCrab ransomware family) rooted within it as a data resource. Then writes crab.exe into your TEMP folder, then launches it before deleting itself.

Back in January 2019, STOP used adware installers disguised as cracks as a new method of distributing itself to unsuspecting users. According to a report from NakedSecurity, it was found that with over 600 submissions a day to the ID-Ransomware ransomware identification service, STOP ransomware is the most actively distributed ransomware over the past year.

Below are the tips on how you can take precautions:

  • Protect yourself by desisting from clicking on strange weblinks
  • Do not download software from untrusted sources or not requested for even if sent to you by seemingly known contact.
  • Do not open attachments contained in an email you were not expecting.
  • Always make use of a reputable anti-virus to scan your computer to block off or quarantine harmful ransomware, viruses, and malicious malware.
  • Regularly patch up your computer, also install security updates as soon as possible
  • Cultivate the habit of backing up your data consistently.

Get Kaspersky Antivirus


Noredia Imuwahen
Noredia Imuwahen
Business Administrator, Writer, Social media manager, and a content management enthusiast.


Delete Me
Incogni Black Friday Ad
Heimdal Security ad

Subscribe to SecureBlitz Newsletter

* indicates required


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.