News

Users are afraid to talk about the “STOP” — one of the most active ransomwares of this year

The Bleeping Computer publication drew attention to the STOP ransomware, which according to the ID Ransomware service, created by the famous information security expert Michael Gillespie, is one of the most active threats this year, along with Ryuk, GandCrab and Sodinkibi.

The prevalence of STOP is also confirmed by the extremely active forum Bleeping Computer, where victims seek help. However, they almost never talk or write about this encryptor. The fact is that this malware attacks mainly fans of pirated content and visitors of suspicious sites.

“In order to distribute STOP, the ransomware developers have teamed up with shady sites and adware bundles. These sites promote fake software cracks or free programs, which are really adware bundles that install a variety of unwanted software and malware onto a user’s computer”, — reports Michael Gillespie.

Ransomware ID is reported to receive approximately 2,500 ransomware attacks per day. About 60-70% of them are messages about STOP ransomware attacks, which leaves other ransomware far behind.

For distribution of STOP mainly used advertising bundles and suspicious sites. These resources are advertised by fake cracks and activators (for example, for KMSPico, Cubase, Photoshop or antiviruses) and free software, which is actually bundles of advertising that install various unwanted programs and malware on users’ machines. One such malware is STOP. Also in such bundles, for example, the Azorult Trojan is found.

Gillespie and Bleeping Computer experts note that the encryptor itself operates according to the classical scheme: it encrypts files, adds a new extension to them and places a ransom note on the infected machine (the malware requires $490, but the amount doubles in 72 hours to $980). However, to date, there are more than 159 STOP options that are known to researchers, and such a variety significantly complicates the situation.

Therefore, Gillespie made some progress in helping crypto victims recover files, and created the STOPDecryptor tool, which includes offline decryption keys used by the ransomware when it cannot contact the management server. The specialist also managed to help a number of users whose machines were encrypted using unique keys.

However, helping victims turned out to be a difficult task: sometimes ransomware authors released 3-4 versions a day, and thousands of people needed help at the same time. In addition, as a result, STOP encryption has changed, and Gillespie can no longer offer assistance to all victims.

Read also: Nemty ransomware developers continue to improve their malware

As a result, the help thread on the Bleeping Computer forum already has over 500 pages, and desperate users regularly ask Gillespie for help on social networks. Almost any tweet from the security researchers instantly received avalanche of pleas for help in decrypting files after a STOP attack.

Though some may say that victims created these problems themselves because they downloaded cracks, it is important to remember that we never want to let the ransomware developers generate ransom payments, as it only leads to more ransomware being created.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Pbmsoultions.com Pop-up Ads

About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

15 hours ago

Remove Prizestash.com Pop-up Ads

About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

15 hours ago

Remove Verifiedbreaking.com Pop-up Ads

About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

15 hours ago

Remove Themoneyminutes.com Pop-up Ads

About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

16 hours ago

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

19 hours ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

19 hours ago