Jump to content

For Individual Users, This Is One Ransomware You Should Pay Attention To


itman

Recommended Posts

Quote

Have you ever heard of the STOP Ransomware? Probably not, as few write about it, most researchers don't cover it, and for the most part it targets consumers through cracked software, adware bundles, and shady sites.

Yet, based on Michael Gillespie's ID Ransomware submissions and support requests at BleepingComputer, for the past year it has been the most actively distributed ransomware in the wild.

To give you some perspective, the ransomware identification service ID Ransomware gets approximately 2,500 ransomware submissions a day. Of those, between 60-70 % are STOP ransomware submissions.

Cracks, Adware bundles, and shady sites

In order to distribute STOP, the ransomware developers have teamed up with shady sites and adware bundles.

These sites promote fake software cracks or free programs, which are really adware bundles that install a variety of unwanted software and malware onto a user's computer. One of the programs installed via these bundles is the STOP Ransomware.

Some of the reported cracks that are have been seen installing STOP include KMSPico, Cubase, Photoshop, and antivirus software.

https://www.bleepingcomputer.com/news/security/meet-stop-ransomware-the-most-active-ransomware-nobody-talks-about/

Additional reference: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

Bottom line:

1. If you use cracked software, you do so at your own peril.

2. If Eset displays a PUA alert on something you want to install and you choose to install it anyway, you do so at you own peril.

3. If Eset alerts about a web site you wish to access and you choose to ignore it, you do so at your own peril.

Edited by itman
Link to comment
Share on other sites

The above also applies to select SMB installations. I state this after one posted in the forum a while back that they allow their employees to install whatever software they want ......🙄

Link to comment
Share on other sites

7 hours ago, itman said:

Bottom line:

1. If you use cracked software, you do so at your own peril.

2. If Eset displays a PUA alert on something you want to install and you choose to install it anyway, you do so at you own peril.

3. If Eset alerts about a web site you wish to access and you choose to ignore it, you do so at your own peril.

ESET has a dedicated anti ransomware  shield which should trigger an alert on ransomware behavior. Cracked software, PUA, Web sites , etc, have nothing to do anti ransomware protection

Link to comment
Share on other sites

  • 3 weeks later...

Hey ...!!!

I need some help on the STOP Ransomware infected my laptop files with .reco encryption. I search on internet that It is some new ransomware and no decryption is available as of now.

I request ESET to kindly look into it and provide some solutions. I need some urgent help. Lost all documents and media because of this. I really don't know how it entered into my system.

I am copying the read file it copies in all drives for intimating ransom-

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-s4NpK2lgQA
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
amundas@firemail.cc

Your personal ID:
0170hYgdfsJkbA5Y5tuXvz3ukbw3azM0Swn6Rdx0DxDeWXUM4EH

Link to comment
Share on other sites

  • Administrators
4 hours ago, abhisadda said:

I need some help on the STOP Ransomware infected my laptop files with .reco encryption. I search on internet that It is some new ransomware and no decryption is available as of now.

I request ESET to kindly look into it and provide some solutions. I need some urgent help. Lost all documents and media because of this. I really don't know how it entered into my system.

It appears that you've installed a trial version of ESET just recently, ie. most likely after the encryption occurred. Could you confirm?

Unfortunately, files encrypted by Filecoder.STOP cannot be decrypted, however, we recommend keeping important files in case that decryption will be possible in the future.

Link to comment
Share on other sites

Thanks for reply Marcos. Yes, I installed after virus infection only. Was using the Windows Security only. I am really not aware how this thing came into my PC and ruined everything. I can tell that before this infection, there were some adware working through auto start of Microsoft Edge and directing to some sites. I had to do a intensive malware scanning. Though, I think i removed all malwares from system, I am still not sure of recovering my files. These are really important files. Please help if there is any way to get the files decrypted. 😪

Link to comment
Share on other sites

  • Administrators

Currently there's no way to recover files but paying the ransom which we don't recommend if you didn't have a backup.

If you want to be protected against ransomware and other malware to the maximum extent:
- back up important files on a regular basis
- keep the OS and AV up to date
- practice safe computing
- secure RDP (e.g. use an account lockout policy, use RDP only within LAN and VPN for connections from outside, use 2FA, etc.)
- protect ESET's settings with a password
- enable detection of potentially unsafe applications
- consider using extra HIPS rules as per https://support.eset.com/kb6119/

Link to comment
Share on other sites

1 hour ago, abhisadda said:

I installed after virus infection only. Was using the Windows Security only.

Did you have Windows Defender Controlled Folders option enabled? Did you properly configure it?

Link to comment
Share on other sites

  • Most Valued Members
On 9/24/2019 at 10:16 PM, Ransm said:

ESET has a dedicated anti ransomware  shield which should trigger an alert on ransomware behavior. Cracked software, PUA, Web sites , etc, have nothing to do anti ransomware protection

I gather cracked software could be used to hide viruses, ransomware etc. It could even detect something on the AV but the user could ignore it wanting to use the software

Link to comment
Share on other sites

1 hour ago, peteyt said:

I gather cracked software could be used to hide viruses, ransomware etc. It could even detect something on the AV but the user could ignore it wanting to use the software

Correct.

If ransomware malware embedded in the cracked software installer, Eset alerts about something, and user overrides Eset alert allowing installer to proceed, I would say the odds are you will be nailed. This is because installers run with elevated privileges allowing them to do pretty much whatever they want.

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members
5 hours ago, itman said:

Correct.

If ransomware malware embedded in the cracked software installer, Eset alerts about something, and user overrides Eset alert allowing installer to proceed, I would say the odds are you will be nailed. This is because installers run with elevated privileges allowing them to do pretty much whatever they want.

And then in a lot of these cases the user often blames the AV

Link to comment
Share on other sites

STOP Ransomware Decryptor Released for 148 Variants

Quote

A decryptor for the STOP Ransomware has been released by Emsisoft and Michael Gillespie that allows you to decrypt files encrypted by 148 variants of the infection for free.

While the decryptor can recover files for 148 variants, it needs to be noted that anyone who was infected after August 2019 cannot be helped with this service. With that said, it may be possible to decrypt using an offline key, so even with these variants there may be some success.

https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...