The fake decryption tool will actually double-encrypt compromised files, making a bad problem even worse.
Hackers can be real jerks.
A new form of malware has been developed to imitate decryption software that is supposed to help people who have already been victims of ransomware encryption attacks.
According to a new report from Bleeping Computer, the ransomware--which claims to decrypt files affected by the ‘STOP Djvu’ ransomware--actually double-encrypts files, making victims’ problems even worse. The virus, called “Zorab”, was discovered by Michael Gillespie, the creator of the ID Ransomware service.
Zorab compounds existing problems
Imagine: for years, encrypting ransomware has been a nightmare scenario for unwitting computer users. They click the wrong link, or open the wrong email, and suddenly find themselves in a situation in which all of their files--their most precious photos, the novels they’ve been working on, their musical projects, their work--are encrypted; the ransomware claims that the only way to decrypt them is to pay a huge fee.
Of course, there have been anti-malware tools that have been developed to decrypt files without paying exorbitant amounts of money: this is exactly what this new malware is imitating. It claims to help victims of ransomware decrypt their files for free, and then double-encrypts them.
Indeed, when the victim downloads and opens one of these fake decryption “tools” and clicks on “Start Scan,” the software extracts an executable file called crab.exe--the Zorab ransomware itself. Once executed, it will encrypt all files present on the device, giving them a .ZRB extension.
Zorab also creates ransom notes named '--DECRYPT--ZORAB.txt.ZRB' in each of the folders it encrypts; the note explains how to contact the ransomware operators for payment instructions.
"We absolutely do not care about you and your deals, except getting benefits," the notes read.
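The indicators named above (crab.exe, the .ZRB extension and the ransom note name) are enough for a read-only triage pass over a disk image or mounted volume. The following is an added example, not code from Bleeping Computer or ID Ransomware; it assumes the extension is appended to the original file name, treats a name match on crab.exe as a hint only, and uses a constructed sample tree.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the article text.
NOTE_NAME = "--decrypt--zorab.txt.zrb"   # compared case-insensitively
ENCRYPTED_EXT = ".zrb"
DROPPER_NAME = "crab.exe"                # name match only: a hint, not proof


def triage(root):
    """Walk root without modifying anything and group indicators by folder."""
    folders = defaultdict(lambda: {"note": False, "encrypted": []})
    dropper_paths = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == DROPPER_NAME:
                dropper_paths.append(os.path.join(dirpath, name))
            elif lower == NOTE_NAME:
                # The note itself ends in .ZRB, so test for it before the
                # extension check or it is miscounted as a victim file.
                folders[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                # Assumption: the extension was appended, so stripping it
                # gives the earlier name to match against backups.
                folders[dirpath]["encrypted"].append(name[: -len(ENCRYPTED_EXT)])
    return {"dropper_paths": dropper_paths, "folders": dict(folders)}


def make_sample_tree(root):
    """Constructed sample data: empty files named after the indicators."""
    layout = {
        "Documents": ["novel.docx.ZRB", "photo.jpg.zrb", "--DECRYPT--ZORAB.txt.ZRB"],
        "Temp": ["crab.exe"],
        "Clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        result = triage(tmp)
        for path in result["dropper_paths"]:
            print("possible dropper:", path)
        for folder, info in sorted(result["folders"].items()):
            print(folder, "note:", info["note"], "files:", sorted(info["encrypted"]))
```

The per-folder list of earlier file names is what gets compared against backups, and the affected files should be preserved as found while Zorab is still being analyzed.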
STOP may be the most prolific ransomware out there; Zorab aims to take advantage of this
In a way, the creators of Zorab were quite clever: STOP Djvu is thought to be one of the most prolific--if not the most prolific--pieces of ransomware on the books. Therefore, creating a fake decryption tool for STOP is a quick and easy way to spread another piece of ransomware.
While it hasn’t gotten as much media attention as other pieces of ransomware that target high-net-worth individuals and organizations (such as Maze, REvil, Netwalker, and DoppelPaymer), there are roughly 600 STOP ransomware submissions a day to the ID-Ransomware ransomware identification service.
Bleeping Computer described STOP as “the most actively distributed ransomware over the past year.”
The publication also said that Zorab is currently being analyzed, and that victims should not pay the ransoms that are being demanded of them until it is confirmed that there is no way to exploit weaknesses in Zorab’s software.
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.