The research team at MalwareHunterTeam has discovered that there is a fake ransomware decryptor that's going around online where its sole purpose is to make victims of ransomware have more problems than they had in the first place.
This fraudulent ransomware decryptor is a predator that targets users that are already infected with the ransomware called STOP Djvu. The ransomware targets individual people, unlike the more prominent ransomware viruses that target businesses.
Researchers have found that using the ransomware decryptor will make the victim suffer from another ransomware attack. The fake decryptor disguises itself as a decryptor of the STOP Djvu ransomware.
The fake decryptor is another ransomware known as Zorab. It infects the device of the user and applies an additional level of encryption onto the user's files. This double file encryption is kicking the user while they're already down.
What Is The Fake Ransomware Decryptor And What Does It Do?
The fake ransomware decryptor made itself look like it would decrypt your files affected by the ransomware called STOP Djvu. STOP Djvu is a strain of ransomware that is currently circulating the internet. It has infected more victims than some of the most notorious ransomware strains, including DoppelPaymer, Netwalker, Sodinokibi, and Maze.
The ransomware is hidden deep inside infected software cracks. More than 600 people fall victim to it every single day, making it one of the most circulated ransomware strains in over a year.
Previously, there have been older versions of the STOP Djvu decryptors that you can get online for free and they worked perfectly fine. This trust in the older versions would have led victims to trust the fake one since they wouldn't have known to check if it was a fake decryptor.
When a user downloads the fake decryptor and attempts to activate it, the fake ransomware decryptor extracts an executable that was hidden inside. The executable crab.exe will install the ransomware called Zorab. Zorab will encrypt data a second time after the first round and it puts a ransom note in every folder that has an encrypted file.
The ransom note placed within the folders of encrypted files will demand that the victim buy a decryptor from the operator of the ransomware, and it warns them against using a third-party decryptor to try and decrypt the files without paying.
Emsisoft, a security firm, has released a free genuine Zorab decryptor. This decryptor can help users take back their files and decrypt them. But this decryptor won't get rid of the first malware, the initial STOP Djvu malware.
What Is Ransomware?
Malware that locks you out from getting into your computer or locks your files behind encryption until you pay a ransom is known as ransomware. Most of the time, ransomware will encrypt your files. You will see ransomware distributed as a disguised file.