Rumba Ransomware

Posted: January 22, 2019

Rumba Ransomware Description

The Rumba Ransomware is an updated version of the Djvu Ransomware member of the STOP Ransomware family. It can disable access to some security-oriented websites, lock your files by encrypting them, turn off some Windows features related to protecting your PC and create text-ransoming messages. The users should back up their media for defending it from encryption and have anti-malware products ready for removing the Rumba Ransomware as needed.

The Crack that Illuminates the Cracks in Your Security

The STOP Ransomware's family is slowing to a trickle and may seem like a minor threat, in comparison to much more widely-used Ransomware-as-a-Service setups like the Scarab Ransomware. However, anyone who's taking the safety of their files for granted may find that the group's newest variant is more than capable of exploiting the greatest weakness in a PC's security: the user. The Rumba Ransomware, as an update of January's Djvu Ransomware release, is using software cracks for installing itself.

The cracks are circulating through torrents and file-sharing sites, and include previously-known utilities for products like Photoshop, KMSpico and others. Rather than creating separate installers, the threat actors are modifying preexisting piracy tools' installers by bundling the Rumba Ransomware to adware or a browser add-on similarly. While malware experts emphasize the encryption of documents, images, and other files as being the primary security concern with the Rumba Ransomware, the file-locking Trojan has other features, as well.

The Rumba Ransomware swaps out the old 'djvu' extension for 'rumba' on the names of the files and creates a scheduled task for encrypting new media periodically. It also controls the victim's Web-browsing access by hijacking the Hosts file for blocking security-related websites, such as It may disable the Windows Defender, as well, which deprives Windows users of their default AV solution.

The Blatant Negatives of Being a Software Pirate

There is a limited decryption solution available for no charge for some versions of the STOP Ransomware's family. However, it's only compatible with specific IDs and includes a variety of other restrictions that keep it from being an all-purpose unlocking service. Most victims will need to use their backups for recovery after disinfecting their PCs, and malware researchers recommend storing them on external devices for general safekeeping.

Installers containing bundles with the Rumba Ransomware resemble those of the 'normal' cracks externally, although appropriate security products should detect the threat. Torrents and illicit file-sharing sites are well-traveled infection sources for file-locking Trojans of all types, not just the STOP Ransomware, and Web users should keep in mind the risks whenever they interact with them without any protection. Although any good anti-malware program may remove the Rumba Ransomware, the files that it locks are likely of being lost permanently.

The Rumba Ransomware uses an old but still-pertinent technique of turning the user's psychology against itself. Illicit software can, unsurprisingly, carry far more dangers than not performing the advertised function.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Rumba Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Rumba Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.