Despite having been ‘in the wild’ for some weeks now, infections caused by STOP ransomware have continued to rise. Perhaps somewhat ironically, those most affected (at the moment) appear to be software pirates.
Security analysts have discovered the STOP executable is being bundled with adware installers, commonly found on websites hosting warez and software licensing cracks. As well as downloading illegal software, users may also be downloading – and installing – malware on their computer.
Much worse than adware
Although adware exhibits some virus-like behaviours, it is usually more of an annoyance than a threat. Once STOP has been installed alongside it, the annoyance becomes a serious problem.
Once installed, STOP quickly encrypts all of the user’s documents, appending .djvu, .tro or .rumba to each filename. Once encrypted, a file is completely inaccessible without the key. The malware also drops a text file (called _openme.txt) into each affected folder, explaining that the machine is infected and that the user cannot access their data until they pay a ransom of $980; if the user pays within 72 hours of infection, the price drops to $490.
The note also contains a ‘personal ID’, which the attackers claim is needed to produce the decryption key that restores access to the affected files. Without that key, the user cannot open any of their documents or photos.
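As an added example (not code from the original article or from Panda Security), the following Python triage script walks a directory tree for the two indicators described above: files carrying one of the appended extensions, and an _openme.txt note in each affected folder. The directory tree it builds is constructed sample data, and the note layout it parses for the personal ID (a line reading “Your personal ID: …”) is an assumption, since the article does not show the note’s exact format.

```python
import os
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Indicators named in the article: extensions appended to encrypted files
# and the ransom note dropped into every affected folder.
STOP_EXTENSIONS = {".djvu", ".tro", ".rumba"}
RANSOM_NOTE_NAME = "_openme.txt"
# Assumed note layout (not taken from the article): a line such as
# "Your personal ID: <id>". Adjust if the real note differs.
PERSONAL_ID_RE = re.compile(r"personal ID:\s*([A-Za-z0-9]+)", re.IGNORECASE)


def scan_for_stop(root):
    """Inventory STOP indicators under `root`.

    Returns a dict with:
      encrypted: {folder: [names of files with a STOP extension]}
      notes:     {folder: personal ID found in the note, or None}
      folders:   sorted list of folders showing either indicator
    Folder keys are paths relative to `root`.
    """
    root = Path(root)
    encrypted = defaultdict(list)
    notes = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = str(Path(dirpath).relative_to(root))
        for name in filenames:
            if Path(name).suffix.lower() in STOP_EXTENSIONS:
                encrypted[folder].append(name)
            elif name == RANSOM_NOTE_NAME:
                text = (Path(dirpath) / name).read_text(errors="replace")
                match = PERSONAL_ID_RE.search(text)
                notes[folder] = match.group(1) if match else None
    folders = sorted(set(encrypted) | set(notes))
    return {"encrypted": dict(encrypted), "notes": notes, "folders": folders}


def summarize(result):
    """One human-readable line per affected folder."""
    lines = []
    for folder in result["folders"]:
        count = len(result["encrypted"].get(folder, []))
        if folder in result["notes"]:
            note_txt = f"note present, personal ID {result['notes'][folder] or 'not found'}"
        else:
            note_txt = "no note"
        lines.append(f"{folder}: {count} encrypted file(s), {note_txt}")
    return lines


def build_sample_tree():
    """Constructed sample data imitating a partial infection (not a real capture)."""
    base = Path(tempfile.mkdtemp(prefix="stop_demo_"))
    docs = base / "Documents"
    photos = base / "Pictures" / "2019"
    clean = base / "Music"
    for d in (docs, photos, clean):
        d.mkdir(parents=True)
    note = "ATTENTION!\nYour personal ID: 0123456789abcdef\n"
    (docs / "thesis.docx.djvu").write_bytes(b"\x00ciphertext\x00")
    (docs / "budget.xlsx.djvu").write_bytes(b"\x00ciphertext\x00")
    (docs / RANSOM_NOTE_NAME).write_text(note)
    (photos / "beach.jpg.rumba").write_bytes(b"\x00ciphertext\x00")
    (photos / RANSOM_NOTE_NAME).write_text(note)
    (clean / "track01.mp3").write_bytes(b"ID3")  # untouched folder, should not be flagged
    return base


if __name__ == "__main__":
    for line in summarize(scan_for_stop(build_sample_tree())):
        print(line)
```

Point `scan_for_stop` at a real user profile or a mounted disk image to get a per-folder count of encrypted files and the personal ID from each note; identical IDs across folders confirm one infection rather than several, and the inventory tells you which folders must come back from backup.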
What if I have been infected by STOP?
Tampering with the encrypted files may permanently damage them, and guessing the decryption key is not feasible. The only sure way to regain access to your data is to restore everything from a backup.
Restoring data is time consuming and sometimes complicated, and you need a full backup of all your files and applications too. If you do not currently back up your data, now is the time to start. Keep at least one copy disconnected from the machine: ransomware encrypts attached drives and mapped network shares as readily as the local disk, so a backup that is permanently connected can be encrypted alongside the originals.
Alternatively, you could pay the ransom. Bear in mind, however, that you are dealing with criminals who may raise the price again, or take your money without supplying a decryption key at all.
Some technical sources suggest that files encrypted by STOP can sometimes be decrypted, but you will need advice from an expert. As always, such services are unlikely to offer any guarantee of success, and you could still lose all your data.
Precautions to take:
– Install anti-malware protection
– Avoid warez and crack websites
– Take regular backups
Ransomware is very effective because it targets people who aren’t prepared. By installing anti-malware tools, being careful about which sites you visit and taking routine backups, you stand a very good chance of avoiding STOP infections.
Source: Panda Security