Fake STOP/DJVU decryptor malware: What it is, how it works and how to prevent it

Introduction

Imagine a situation where criminals steal access to your property. They offer you a seemingly valid solution in the way of a tool that will give you your access back. But you use that solution and yet you still do not have access? Welcome to the nightmarish world of STOP/DJVU — a ransomware that offers you a fake decrypting solution that is simply a furtherance of their cyberattack. 

This article will detail the Fake STOP/DJVU decryptor malware and will explore what it is, how it works and how it can be prevented from infecting your system.

What is STOP/DJVU?

STOP/DJVU, sometimes known as Zorab, is a malware that is generally ignored by the malware research community. This seems ludicrous at first, as STOP/DJVU impacts more users than the other top malwares combined and has been the most widely distributed ransomware over the last year. In fact, STOP/DJVU accounts for 60-70% of all ransomware submissions per day coming from “the wild”.

Operators of STOP/DJVU target desperate home users that cannot afford the $500+ ransom payment to decrypt their encrypted files. Therein lies the pleasure point for attackers and pain point for impacted users — the attackers know home users probably do not have enough disposable income to purchase a legitimate decryptor tool, and the user thinks they have found a good deal online. (Sadly, they have not.)

The idea behind the STOP/DJVU fake decryptor is for users to become infected by the ransomware and then seek a decryptor tool online. It should be noted that the STOP/DJVU fake decryptor is advertised as being able to decrypt STOP/DJVU for free. If the user is actually duped into downloading and installing the STOP/DJVU decryptor malware, their files will be “double encrypted” or encrypted a second time. Restoring those files will (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: https://resources.infosecinstitute.com/fake-stop-djvu-decryptor-malware-what-it-is-how-it-works-and-how-to-prevent-it/