Creators behind Zorab ransomware launched a fake tool that double-encrypts files affected by the attack.
As free ransomware decryptor tools begin to enter the market, a wave of fake software that claims to decrypt ransomware-affected files has begun to proliferate.
According to a report released by Bleeping Computer on June 5, the creators behind Zorab ransomware released a fake STOP Djvu decryptor. Instead of recovering a victim’s data however, this software appears to encrypt their files further with a second ransomware.
When the victim opens one of these tools, the software extracts an executable file called crab.exe. This is the Zorab ransomware itself. Once executed, the tool will encrypt all files present with a .ZRB extension.
Double-encryption files
Speaking with Cointelegraph, Brett Callow, threat analyst of the malware lab Emsisoft, says that STOP is the most prevalent ransomware by far. He states that it accounts for approximately one-half of all incidents:
“Unfortunately, criminals often create fake versions of popular software in order to spread malware, and they have now created a fake version of our decryptor to do just that. Running the fake tool will not recover data that was encrypted by STOP, it will actually encrypt it for a second time.”
Callow refers to one of several free tools launched recently by Emsisoft. These tools allow people to decrypt files affected by specific ransomware variants.
Emsisoft’s threat analyst issued the following warning to the public:
“This illustrates why people should exercise caution when downloading software and apps and ensure it has come from a reputable and trustworthy source. Similarly, cracks, activators, and keygens should be avoided as these are also frequently used to spread ransomware and other malware.”
Latest free ransomware decryptor tools released
Cointelegraph recently conducted extensive coverage on different free ransomware decryptors launched by various tech companies.
On June 3, Spain-based telecommunications conglomerate, Telefónica, released a free tool to recover data encrypted by the VCryptor ransomware.
Emsisoft also launched a free decryptor tool on June 4, which enables victims to recover files encrypted by Tycoon ransomware attacks without needing to pay the ransom.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.