Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Adware Installers Using Rumba Variant STOP

DJVU and Tro have been seen a lot over the past month, the new Rumba variant is similar but it adjoins its .rumba extension to a file once it’s encrypted. It is currently being dished out through adware bundles and software cracks. Software cracks used by websites typically enable adware bundles to help gain revenue. One of the bundles has begun utilizing STOP ransomware. After the ransomware is set up, .rumba begins to encrypt  files. The folders that end up with the encrypted files are left with a ransom note titled “openme.txt” which will guide a user on how to get ahold of the attacker in an effort to pay the ransom. Software cracks that are known to be installing this ransomware are KMSPico, Cubase, Photoshop, antivirus software, and cracks for various of software. A decryptor has been released that gives users the ability to recover their files without paying an attacker.

Analyst Notes

Users should be cautious when operating on sites that use adware. If a user becomes a victim of this ransomware they should attempt to use the decryptor tool as a means of recovering their files. Do not give out personal information to an attacker should this situation occur.