
A fake decryptor tool has reportedly been duping ransomware victims and leading them into deeper trouble. Once the victims install the tool to decrypt their files, it encrypts them even further.

The tool, known as Zorab, poses as a decryptor for STOP Djvu, one of the most prevalent ransomware families in the world. It was discovered by cyber security expert Michael Gillespie.

Once a user starts to scan their files hoping to decrypt them, Zorab extracts an executable file, crab.exe, and saves it. When it executes, the malware encrypts the user’s data, appending the .ZRB extension to the files’ names.

Zorab also creates ransom notes with instructions on what to do to recover the files, Bleeping Computer reports. Part of the note states, “The only method of recovering files is to purchase a decrypt tool and a unique key. This tool will decrypt all your encrypted files.”

It then warns the users against attempting to use any other decryption method. The users can send two files for free decryption as a show of good faith. It also provides the email to which they should write and ask for further direction.

According to the report, STOP Djvu is by far the most popular ransomware in the world. It infects more computers than DoppelPaymer, Maze, Netwalker and most major ransomware operators combined. On ID Ransomware, a tool developed by Gillespie that identifies ransomware, it gets over 600 related submissions per day.

STOP Djvu has, however, not received much attention. This is mainly because, unlike its peers, which target large corporations, it targets ordinary users. It also refrains from targeting American users, instead focusing on Europe and Asia. Its ransom demand averages $500.

As CoinGeek reported, ransomware attacks have continued despite the pandemic. Last month, Nefilim ransomware attacked Australian shipping giant Toll Group, leading to the shutdown of some of its essential services. It also attacked MAS Holdings, a Sri Lankan company that manufactures lingerie for singer Beyoncé and Victoria’s Secret.
