Rumba Ransomware Description
The Rumba Ransomware is an updated version of the Djvu Ransomware member of the STOP Ransomware family. It can disable access to some security-oriented websites, lock your files by encrypting them, turn off some Windows features related to protecting your PC and create text-ransoming messages. The users should back up their media for defending it from encryption and have anti-malware products ready for removing the Rumba Ransomware as needed.
The Crack that Illuminates the Cracks in Your Security
The STOP Ransomware's family is slowing to a trickle and may seem like a minor threat, in comparison to much more widely-used Ransomware-as-a-Service setups like the Scarab Ransomware. However, anyone who's taking the safety of their files for granted may find that the group's newest variant is more than capable of exploiting the greatest weakness in a PC's security: the user. The Rumba Ransomware, as an update of January's Djvu Ransomware release, is using software cracks for installing itself.
The cracks are circulating through torrents and file-sharing sites, and include previously-known utilities for products like Photoshop, KMSpico and others. Rather than creating separate installers, the threat actors are modifying preexisting piracy tools' installers by bundling the Rumba Ransomware to adware or a browser add-on similarly. While malware experts emphasize the encryption of documents, images, and other files as being the primary security concern with the Rumba Ransomware, the file-locking Trojan has other features, as well.
The Rumba Ransomware swaps out the old 'djvu' extension for 'rumba' on the names of the files and creates a scheduled task for encrypting new media periodically. It also controls the victim's Web-browsing access by hijacking the Hosts file for blocking security-related websites, such as microsoft.com. It may disable the Windows Defender, as well, which deprives Windows users of their default AV solution.
The Blatant Negatives of Being a Software Pirate
There is a limited decryption solution available for no charge for some versions of the STOP Ransomware's family. However, it's only compatible with specific IDs and includes a variety of other restrictions that keep it from being an all-purpose unlocking service. Most victims will need to use their backups for recovery after disinfecting their PCs, and malware researchers recommend storing them on external devices for general safekeeping.
Installers containing bundles with the Rumba Ransomware resemble those of the 'normal' cracks externally, although appropriate security products should detect the threat. Torrents and illicit file-sharing sites are well-traveled infection sources for file-locking Trojans of all types, not just the STOP Ransomware, and Web users should keep in mind the risks whenever they interact with them without any protection. Although any good anti-malware program may remove the Rumba Ransomware, the files that it locks are likely of being lost permanently.
The Rumba Ransomware uses an old but still-pertinent technique of turning the user's psychology against itself. Illicit software can, unsurprisingly, carry far more dangers than not performing the advertised function.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Rumba Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.