A new ransomware strain is advertising itself as a decrypter for STOP Djvu, one of the most popular ransomware threats used against home users, but it actually adds a second layer of encryption. The new ransomware, called Zorab, is presented on a phony site that offers a program prompting ransomware victims to enter their information and click “Start Scan.” The program then extracts another executable file called crab.exe and saves it to the %Temp% folder on the infected computer. This new executable encrypts the already encrypted files, leaving the victim with even more trouble and yet another ransom payment to face. Zorab also creates a note that gives the user instructions on how to pay the attackers to get their data back. Currently, Zorab is being analyzed for possible flaws that would allow victims to recover files without paying the attackers.
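The drop-then-run behaviour described above (a program writes crab.exe to %Temp%, and that file then executes) can be hunted for in endpoint telemetry. The following is an added example, not code from the original article: it correlates Sysmon-style FileCreate (ID 11) and ProcessCreate (ID 1) events. The sample events, the `decrypter.exe` and `setup.exe` names, and the default `AppData\Local\Temp` location for %Temp% are constructed assumptions.

```python
import json
import ntpath

KNOWN_NAMES = {"crab.exe"}                 # file name reported in the article
TEMP_MARKER = "\\appdata\\local\\temp\\"   # assumption: default %Temp% location

# Constructed sample events, one JSON object per line (not real telemetry).
SAMPLE_LOG = r"""
{"EventID": 11, "Image": "C:\\Users\\amy\\Downloads\\decrypter.exe", "TargetFilename": "C:\\Users\\amy\\AppData\\Local\\Temp\\crab.exe"}
{"EventID": 1, "Image": "C:\\Users\\amy\\AppData\\Local\\Temp\\crab.exe", "ParentImage": "C:\\Users\\amy\\Downloads\\decrypter.exe"}
{"EventID": 11, "Image": "C:\\Users\\amy\\Downloads\\setup.exe", "TargetFilename": "C:\\Users\\amy\\AppData\\Local\\Temp\\is-7F2A.tmp\\helper.exe"}
{"EventID": 1, "Image": "C:\\Users\\amy\\AppData\\Local\\Temp\\is-7F2A.tmp\\helper.exe", "ParentImage": "C:\\Users\\amy\\Downloads\\setup.exe"}
{"EventID": 11, "Image": "C:\\Program Files\\Browser\\browser.exe", "TargetFilename": "C:\\Users\\amy\\Downloads\\report.pdf"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
"""


def find_drop_and_run(log_text):
    """Return alerts for executables written to Temp and later launched."""
    dropped = {}   # lower-cased dropped path -> image that wrote it
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["EventID"] == 11:
            # Remember every .exe written anywhere under the Temp directory.
            target = ev["TargetFilename"].lower()
            if TEMP_MARKER in target and target.endswith(".exe"):
                dropped[target] = ev["Image"]
        elif ev["EventID"] == 1:
            # A process whose image was dropped earlier completes the pattern.
            image = ev["Image"].lower()
            if image in dropped:
                name = ntpath.basename(image)
                alerts.append({
                    "image": ev["Image"],
                    "dropper": dropped[image],
                    # Installers also unpack to Temp, so only the file name
                    # from the article is high; other hits need review.
                    "severity": "high" if name in KNOWN_NAMES else "review",
                })
    return alerts


if __name__ == "__main__":
    for alert in find_drop_and_run(SAMPLE_LOG):
        print(alert)
```

A file name is trivial for an attacker to change, so the name match only raises priority; the drop-then-run correlation is the durable part of the check.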