A counterfeit decryptor for the STOP Djvu Ransomware is being circulated that baits already distressed people with the promise of free decryption. Rather than getting their files back for free, they are affected by another ransomware that exacerbates their situation.
Ransomware operations such as Maze, REvil, Netwalker, and DoppelPaymer typically garner extensive media attention because of their high-value victims; however, another ransomware dubbed STOP Djvu is regularly infecting a large number of people regularly.
STOP ransomware is the most aggressively circulated ransomware over the past year, with over 600 submissions a day to the ID-ransomware identification service.
One wonders if the ransomware is so prevalent, why it doesn’t get a lot of attention. The answer: the ransomware typically hits home users infected through adware bundles playacting to be software cracks.
While downloading and installing cracks is not justifiable, many of those who get infected are unable to pay a $500 ransom for a decryptor.
A victim’s data is double-encrypted by Zorab
Regrettably, this is what a new ransomware called Zorab found by Michael Gillespie is doing.
The makers of the Zorab ransomware have come up with a fake STOP Djvu decryptor that does not recover any files for free; instead, it encrypts all of the victim’s already encoded data with another ransomware.
When a frantic user enters their information in the deceptive decryptor and clicks on ‘Start Scan,’ the program pulls out another executable called crab.exe and saves it to the %Temp% folder.
This ransomware is presently being examined, and users should not pay the ransom until it is established no flaw can be used to recover Zorab encoded files for free.