Threat Intelligence: Adware Installers Using Rumba Variant STOP

The Counterintelligence Team

The Counterintelligence Team

Share on facebook
Share on twitter
Share on linkedin

DJVU and Tro STOP ransomware variants have been seen a lot over the past month, the new Rumba variant is similar but it adjoins its .rumba extension to a file once it’s encrypted. It is currently being dished out through adware bundles and software cracks.

Software cracks used by websites typically enable adware bundles to help gain revenue. One of the bundles has begun utilizing STOP ransomware. After the ransomware is set up, .rumba begins to encrypt  files. The folders that end up with the encrypted files are left with a ransom note titled “openme.txt” which will guide a user on how to get ahold of the attacker in an effort to pay the ransom.

Software cracks that are known to be installing this ransomware are KMSPico, Cubase, Photoshop, antivirus software, and cracks for various of software. A decryptor has been released that gives users the ability to recover their files without paying an attacker.

To receive daily threat intelligence updates and analysts notes, sign up for Threat Watch by Binary Defense

More Articles

Contact Support

Please complete the form below and a member of our support team will respond as quickly as possible.