3/19/2021 0 Comments Stop Ransomware Decryptor
This tool can unlock user files, applications, databases, applets, and other objects encrypted by ransomware.This allows anyone in the security community who may have decryption keys and decryption logic to avoid the burden of developing a decryption framework.However, the fake decryptor actually infects the system with another ransomware that makes the situation even worse while no data can be recovered. 2.1. Zorab Ransomware Zorab is a ransomware pretending the STOP Djvu decryptor.Please enable javacript and reload the page, otherwise some function will not work properly.
Hackers are using it to encrypt files on the users device and demand ransom payments for file decryption. HKCERT has been continually monitoring ransomware trends, providing security advice to users. In the end of last year, it published a security blog titled New Trends of Ransomware, analysing seven relatively common ransomware families and ransomware trend at that time. Six months have passed with continued innovation in the attack tactic of ransomware threat actors being observed. In this blog post, two major trends in ransomware attack tactics, namely double extortion and fake decryptor, will be analysed. ![]() If a system is unfortunately locked by ransomware, users can recover their data from offline backup to resume operation. Given the effectiveness of these measures, ransomware gangs have started to use a new tactic, double extortion, to increase the chance of getting paid. Prior to encrypting the victims databases, the attackers would extract a large quantity of sensitive information, and request their victim to pay ransom. If the victim ignores ransom demands, some of the attackers will threaten to post the stolen information on the Internet to put additional pressure on their victims to pay the ransom. In other cases, instead of leaking data, some ransomware gangs might auction it for highest illegal return. In the past 6 months, a rise of ransomware attacks targeting high-profile companies which hold a large number of sensitive data has been observed. In Hong Kong, a large retail company 1 has encountered double extortion ransomware. Below are the two most active ransomware gangs using this tactic. Maze Ransomware The first reported case of double extortion tactic was used by Maze ransomware gang in November 2019. Then they threatened a large American security staffing company 2 to upload 5GB of its sensitive data on their dedicated data-leaking site if ransom is not paid. Maze ransomware gang actively attacks and collaborate with other ransomware gangs, namely the Lockbit gang and the Ragnar Locker gang, by publishing data stolen from other ransomware gangs. The Maze ransomware gang would first target managed service providers (MSPs) before extending their claws to clients of MSPs. Maze ransomware attacks involve leveraging phishing emails as well as brutal force attacks on remote desktop service. Once gaining initial access to target systems, attacks would follow by using remote shells, Windows Remote Management, to weaken the security control by modifying Group Policy in Active Directory, exfiltrate sensitive data, and deploy the ransomware. In early June, the operators behind REvil began auctioning data that claimed to be stolen from an agricultural company, and threatened more victims would face the same fate. ![]() Victims might suffer attack from another attack operators who bid leaked data in the auctions. For instance, attackers can conduct target phishing attacks on victims by using the leaked information. Fake Decryptor Searching for available decryptor might be the first attempt to recover data by victims whose device is encrypted by ransomware. Recently, a fake decryptor called STOP Djvu Ransomware has been distributed to lure victims with the promise of free decryption. However, the fake decryptor actually infects the system with another ransomware that makes the situation even worse while no data can be recovered. Zorab Ransomware Zorab is a ransomware pretending the STOP Djvu decryptor.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |