The DJVU and Tro variants of STOP ransomware have been seen frequently over the past month. The new Rumba variant is similar, but it appends the .rumba extension to each file once it is encrypted. It is currently being distributed through adware bundles and software cracks.
Websites that offer software cracks typically include adware bundles to generate revenue. One of these bundles has begun installing STOP ransomware. Once the ransomware is set up, the Rumba variant begins encrypting files. Each folder containing encrypted files is left with a ransom note titled "openme.txt", which tells the user how to contact the attacker in order to pay the ransom.
Software cracks known to install this ransomware include KMSPico, Cubase, Photoshop, antivirus software, and cracks for various other software. A decryptor has been released that allows users to recover their files without paying the attacker.
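To scope an affected machine before running the decryptor, the two indicators described above (the .rumba extension and the openme.txt note) can be inventoried per folder. The following Python script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".rumba"    # extension named in the write-up
RANSOM_NOTE = "openme.txt"  # ransom note file name from the write-up


def inventory(root):
    """Walk root and return {folder: {"encrypted": [...], "note": bool}}
    for every folder holding a .rumba file or an openme.txt note."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    # Unreadable directories are skipped rather than aborting the scan.
    for folder, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                hits[folder]["encrypted"].append(name)
            elif lower == RANSOM_NOTE:
                hits[folder]["note"] = True
    return dict(hits)


def summarize(hits):
    """Return (encrypted file count, folders with a note,
    folders with encrypted files but no note)."""
    total = sum(len(h["encrypted"]) for h in hits.values())
    noted = sorted(f for f, h in hits.items() if h["note"])
    unnoted = sorted(f for f, h in hits.items()
                     if h["encrypted"] and not h["note"])
    return total, noted, unnoted


def build_sample_tree(root):
    """Constructed sample: empty files that only mimic the naming pattern."""
    layout = {
        "Documents": ["report.docx.rumba", "budget.xlsx.RUMBA", "openme.txt"],
        "Pictures": ["holiday.jpg.rumba"],            # encrypted, no note
        "Music": ["song.mp3", "rumba_playlist.txt"],  # clean folder
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, noted, unnoted = summarize(inventory(tmp))
        print(f"{total} encrypted file(s); notes in {len(noted)} folder(s)")
        for folder in unnoted:
            print("encrypted files without a note:", folder)
```

Point `inventory()` at a user profile or share root instead of the sample tree to get the list of folders and files to hand to the decryptor.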
To receive daily threat intelligence updates and analyst notes, sign up for Threat Watch by Binary Defense.