DJVU and Tro STOP ransomware variants have been seen a lot over the past month, the new Rumba variant is similar but it adjoins its .rumba extension to a file once it’s encrypted. It is currently being dished out through adware bundles and software cracks.

Software cracks used by websites typically enable adware bundles to help gain revenue. One of the bundles has begun utilizing STOP ransomware. After the ransomware is set up, .rumba begins to encrypt  files. The folders that end up with the encrypted files are left with a ransom note titled “openme.txt” which will guide a user on how to get ahold of the attacker in an effort to pay the ransom.

Software cracks that are known to be installing this ransomware are KMSPico, Cubase, Photoshop, antivirus software, and cracks for various of software. A decryptor has been released that gives users the ability to recover their files without paying an attacker.

To receive daily threat intelligence updates and analysts notes, sign up for Threat Watch by Binary Defense