Beware of Fake Ransomware Decryption Tools

Published at: June 7, 2020

As free ransomware decryptor tools begin to enter the market, a wave of fake software that claims to decrypt ransomware-affected files has begun to proliferate.

According to a report released by Bleeping Computer on June 5, the creators behind Zorab ransomware released a fake STOP Djvu decryptor. Instead of recovering a victim’s data, however, this software appears to encrypt their files further with a second ransomware.

When the victim opens one of these tools, the software extracts an executable file called crab.exe. This is the Zorab ransomware itself. Once executed, it encrypts all files present and gives them a .ZRB extension.

Double-encrypted files

Speaking with Cointelegraph, Brett Callow, threat analyst of the malware lab Emsisoft, says that STOP is the most prevalent ransomware by far. He states that it accounts for approximately one-half of all incidents:

“Unfortunately, criminals often create fake versions of popular software in order to spread malware, and they have now created a fake version of our decryptor to do just that. Running the fake tool will not recover data that was encrypted by STOP, it will actually encrypt it for a second time.”

Callow refers to one of several free tools launched recently by Emsisoft. These tools allow people to decrypt files affected by specific ransomware variants.

Emsisoft’s threat analyst issued the following warning to the public:

“This illustrates why people should exercise caution when downloading software and apps and ensure it has come from a reputable and trustworthy source. Similarly, cracks, activators, and keygens should be avoided as these are also frequently used to spread ransomware and other malware.”

Latest free ransomware decryptor tools released

Cointelegraph recently covered several free ransomware decryptors launched by various tech companies.

On June 3, Spain-based telecommunications conglomerate Telefónica released a free tool to recover data encrypted by the VCryptor ransomware.

Emsisoft also launched a free decryptor tool on June 4, which enables victims to recover files encrypted by Tycoon ransomware attacks without needing to pay the ransom.
