Fake ransomware decryption tool double-encrypts user files

STOP Djvu decryptor encrypts a ransomware victim’s files with more ransomware

Security experts have warned about a fake ransomware decryption tool has double-encrypts user files. 

Bleeping Computer reports that the creators of Zorab ransomware released a fake STOP Djvu decryptor, which encrypts a ransomware victim’s files with a second ransomware.

When someone opens the fake decryptor tool, it extracts crab.exe, an executable file that is the Zorab ransomware. It then encrypts all files with a .ZRB extension. According to Brett Callow, threat analyst with Emsisoft, STOP accounts for about half of all fake decryptor downloads.

“Unfortunately, criminals often create fake versions of popular software in order to spread malware, and they have now created a fake version of our decryptor to do just that,” said Callow.

“Running the fake tool will not recover data that was encrypted by STOP, it will actually encrypt it for a second time.”

Several tech companies have launched legitimate tools that decrypt files infected by ransomware. For example, Emsisoft’s free tool allows victims to recover files encrypted by Tycoon ransomware, while Telefónica’s free tool recovers data encrypted by VCryptor ransomware.

“This illustrates why people should exercise caution when downloading software and apps and ensure it has come from a reputable and trustworthy source,” warned Callow. “Similarly, cracks, activators, and keygens should be avoided as these are also frequently used to spread ransomware and other malware.”

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

9 Apr 2021
FBI shuts down web shells in hacked Exchange servers
cyber security

FBI shuts down web shells in hacked Exchange servers

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021