Forwarded from BlackBox (Security) Archiv
Fake ransomware decryptor double-encrypts desperate victims' files
A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.
While ransomware operations such as Maze, REvil, Netwalker, and DoppelPaymer get wide media attention due to their high worth victims, another ransomware called STOP Djvu is infecting more people then all of them combined on a daily basis.
With over 600 submissions a day to the ID-Ransomware ransomware identification service, STOP ransomware is the most actively distributed ransomware over the past year.
Emsisoft and Michael Gillespie had previously released a decryptor for older STOP Djvu variants, but newer variants cannot be decrypted for free.
If the ransomware is so common, you may be wondering why it doesn't get much attention?
The lack of attention is simply because the ransomware mostly affects home users infected through adware bundles pretending to be software cracks.
While downloading and installing cracks is not excusable, many of those who are infected simply cannot afford to pay a $500 ransom for a decryptor.
Double-encrypting someone's data with a second ransomware is just kicking someone while they are already down.
ππΌ Read more:
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/
https://twitter.com/demonslay335/status/1268908281151586304
https://www.golem.de/news/zorab-schadsoftware-ransomware-tarnt-sich-als-entschluesselungs-tool-2006-148959.html
#zorab #Djvu #fake #ransomware #decryptor
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.
While ransomware operations such as Maze, REvil, Netwalker, and DoppelPaymer get wide media attention due to their high worth victims, another ransomware called STOP Djvu is infecting more people then all of them combined on a daily basis.
With over 600 submissions a day to the ID-Ransomware ransomware identification service, STOP ransomware is the most actively distributed ransomware over the past year.
Emsisoft and Michael Gillespie had previously released a decryptor for older STOP Djvu variants, but newer variants cannot be decrypted for free.
If the ransomware is so common, you may be wondering why it doesn't get much attention?
The lack of attention is simply because the ransomware mostly affects home users infected through adware bundles pretending to be software cracks.
While downloading and installing cracks is not excusable, many of those who are infected simply cannot afford to pay a $500 ransom for a decryptor.
Double-encrypting someone's data with a second ransomware is just kicking someone while they are already down.
ππΌ Read more:
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/
https://twitter.com/demonslay335/status/1268908281151586304
https://www.golem.de/news/zorab-schadsoftware-ransomware-tarnt-sich-als-entschluesselungs-tool-2006-148959.html
#zorab #Djvu #fake #ransomware #decryptor
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
BleepingComputer
Fake ransomware decryptor double-encrypts desperate victims' files
A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situationβ¦