Despite having been ‘in the wild’ for some weeks now, infections caused by STOP ransomware have continued to rise. Perhaps somewhat ironically, those most affected (at the moment) appear to be software pirates.
Security analysts have discovered the STOP executable is being bundled with adware installers, commonly found on websites hosting warez and software licensing cracks. As well as downloading illegal software, users may also be downloading – and installing – malware on their computer.
Much worse than adware
Although they exhibit virus-like behaviours, adware is usually more of an annoyance. But once compromised by STOP, the annoyance becomes a serious problem.
Once installed, STOP quickly encrypts all of the user’s documents, changing the filename to .djvu, .tro or .rumba. Once encrypted, the file is completely inaccessible. The malware also creates a text file (called _openme.txt) in each affected folder, explaining that the machine is infected and the user cannot access their data until they pay a ransom of $980. If the user pays within 72 hours of infection, the cost is reduced to $490.
The text file also contains a ‘personal ID’ which the hackers claim is used to generate the decryption key needed to restore access to affected files. Without decryption, the user cannot access any of their files or photos.
What if I have been infected by STOP?
Tampering with the encrypted files may permanently damage them, and the chances of guessing the correct decryption key are virtually zero. The only sure way to regain access to your data is to restore everything from backup.
Restoring data is time consuming and (sometimes) complicated – and you need a full backup of all your files and applications too. If you do not currently backup your data NOW is the time to start.
Alternatively, you could pay the ransom. Bear in mind however that you are dealing with criminals who may increase the ransom again. Or steal your money without supplying a decryption key at all.
Some technical sources suggest that STOP can be reversed, but you will need to seek advice from an expert. As always, these services are unlikely to offer any form of guarantee of success and you could still lose all your data.
Protecting against STOP ransomware infections
Preventing STOP ransomware infections is possible if you do the following:
- Install anti-malware protection. Panda Dome Advanced provides security tools that block STOP and other ransomware from installing on your computer. Download a free trial now to get started.
- Avoid warez and crack websites. Using warez to steal software is illegal – and these sites are notorious for hosting malware anyway. Paying for some software may be expensive, but it is far cheaper than losing all your files to a virus. Panda Dome can also be configured to block access to warez sites to protect you and your family.
- Take regular backups. Windows 10 and Mac OS both make it incredibly easy to take full backups of your machine. Once configured, your computer will take care of the rest. If something does go wrong in the future, you will have a copy of all your files ready to restore quickly.
Ransomware is very effective because it targets people who aren’t prepared. By installing anti-malware tools, checking your web surfing behaviour and performing routine data backups, you stand a very good chance of avoiding STOP infections.
Computer “pirates” are not stupid and won’t catch ransomware. Just wanna-be pirate torrent kiddos, who don’t have important docs to begin with.
I came infected with STOP(Fake FBI) throu app PornHub(it down loaded it self).After trying several removable. App I found it was in my SD card. Lucky, safe moded unload it. It did not get in my phone. Here name of the app… PornHub video player
i have problem with this malware, : grovat,
it encrypt my documents
Please try to run Panda Cloud on your machine: https://www.pandasecurity.com/homeusers/solutions/cloud-cleaner/
We hope this helps!
what solution with : grovat extension ;
my files are infected by this ; ok
Please contact technical support on https://www.pandasecurity.com/support/#homeusers
Our team will be able to help.