STOP Ransomware Delivered through Software Vulnerabilities

STOP ransomware, a crypto-ransomware variation that utilizes the .rumba file extension on encoded files, is being transported through software vulnerabilities.

Software cracking programs that produce licenses for standard software programs are normally used to transport malware. The executable files frequently fit spyware and adware code during the cracking procedure and although it is known for other malware to be fitted when the programs are run, it is comparatively unusual for ransomware to be fitted.

However, one provider of cracks has included STOP ransomware to numerous software cracking programs that create license codes for Windows, Photoshop, Cubase, KMSPico, and antivirus software. The malevolent cracks are being dispersed across several sites.

The ID Ransomware facility has received 304 submissions of new STOP ransomware infections in January 2019, even though there are likely to be several more sufferers.

STOP Ransomware was first recognized in December 2017 and is repeatedly updated. A new type of the ransomware is issued nearly every month, each with a new file extension. The latest variant utilizes the .rumba extension, others include .puma, .keypass, .shadow, .pumax, .tro, and .djvu.

The ransom demands are changeable but are typically in the range of $300-$600 per infected appliance. Several different techniques are used to disperse the ransomware. Besides cracks, infections have happened as a consequence of brute force attacks, drive-by downloads from compromised websites, abuses of unpatched vulnerabilities, and spam electronic mails.

Although no free decryptor is available that can ensure recovery without paying the ransom, Michael Gillespie has created a decryptor that can be used free of charge that might allow sufferers to recover their files. Details can be found in this post.