“In order to distribute STOP, the ransomware developers have teamed up with shady sites and adware bundles. These sites promote fake software cracks or free programs, which are really adware bundles that install a variety of unwanted software and malware onto a user’s computer”, — reports Michael Gillespie.
Ransomware ID is reported to receive approximately 2,500 ransomware attacks per day. About 60-70% of them are messages about STOP ransomware attacks, which leaves other ransomware far behind.
For distribution of STOP mainly used advertising bundles and suspicious sites. These resources are advertised by fake cracks and activators (for example, for KMSPico, Cubase, Photoshop or antiviruses) and free software, which is actually bundles of advertising that install various unwanted programs and malware on users’ machines. One such malware is STOP. Also in such bundles, for example, the Azorult Trojan is found.
Gillespie and Bleeping Computer experts note that the encryptor itself operates according to the classical scheme: it encrypts files, adds a new extension to them and places a ransom note on the infected machine (the malware requires $490, but the amount doubles in 72 hours to $980). However, to date, there are more than 159 STOP options that are known to researchers, and such a variety significantly complicates the situation.
Therefore, Gillespie made some progress in helping crypto victims recover files, and created the STOPDecryptor tool, which includes offline decryption keys used by the ransomware when it cannot contact the management server. The specialist also managed to help a number of users whose machines were encrypted using unique keys.
However, helping victims turned out to be a difficult task: sometimes ransomware authors released 3-4 versions a day, and thousands of people needed help at the same time. In addition, as a result, STOP encryption has changed, and Gillespie can no longer offer assistance to all victims.
Read also: Nemty ransomware developers continue to improve their malware
As a result, the help thread on the Bleeping Computer forum already has over 500 pages, and desperate users regularly ask Gillespie for help on social networks. Almost any tweet from the security researchers instantly received avalanche of pleas for help in decrypting files after a STOP attack.
Though some may say that victims created these problems themselves because they downloaded cracks, it is important to remember that we never want to let the ransomware developers generate ransom payments, as it only leads to more ransomware being created.
About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…
About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…
About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…
About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…
About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…
About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…