
Rumba Ransomware

Posted: January 22, 2019

The Rumba Ransomware is an updated version of the Djvu Ransomware, a member of the STOP Ransomware family. It can block access to some security-oriented websites, lock your files by encrypting them, turn off some Windows features that protect your PC, and create text ransom notes. Users should back up their media to defend it from encryption and keep anti-malware products ready to remove the Rumba Ransomware as needed.

The Crack that Illuminates the Cracks in Your Security

The STOP Ransomware family's activity is slowing to a trickle and may seem like a minor threat compared to much more widely used Ransomware-as-a-Service setups like the Scarab Ransomware. However, anyone who takes the safety of their files for granted may find that the group's newest variant is more than capable of exploiting the greatest weakness in a PC's security: the user. The Rumba Ransomware, an update of January's Djvu Ransomware release, uses software cracks to install itself.

The cracks circulate through torrents and file-sharing sites and include previously known utilities for products like Photoshop, KMSpico and others. Rather than creating separate installers, the threat actors modify preexisting piracy tools' installers, bundling the Rumba Ransomware with them in the same way adware or a browser add-on is often bundled. While malware experts emphasize the encryption of documents, images and other files as the primary security concern with the Rumba Ransomware, the file-locking Trojan has other features as well.

The Rumba Ransomware swaps the old 'djvu' extension for 'rumba' on the names of the files it locks and creates a scheduled task that encrypts new media periodically. It also controls the victim's Web-browsing access by hijacking the Hosts file to block security-related websites, such as microsoft.com. It may disable Windows Defender as well, which deprives Windows users of their default AV solution.
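The Hosts-file hijack and the renamed-file marker described above are both things an incident responder can check for directly. The following script is an added example written for this page, not code from the original article or from any vendor: it parses Hosts-file text, flags entries that pin security-related domains (microsoft.com is named on the page; the other domains in the watch list are assumptions) to a loopback, unspecified or private address, and lists files carrying the 'rumba' extension. The Hosts content and file names are constructed samples.

```python
import ipaddress

# Domains the page says the Trojan blocks via the Hosts file. Only
# microsoft.com comes from the page; the others are assumed examples.
WATCHED_DOMAINS = ("microsoft.com", "virustotal.com", "malwarebytes.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs from Hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def find_hosts_hijacks(text, watched=WATCHED_DOMAINS):
    """Return (ip, hostname, kind) for entries that touch a watched domain.

    kind is 'blocked' for loopback/unspecified/private targets (the site
    becomes unreachable), 'redirected' for a routable address, and
    'malformed' when the address does not parse at all.
    """
    hits = []
    for ip, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hits.append((ip, name, "malformed"))
            continue
        blocked = addr.is_loopback or addr.is_unspecified or addr.is_private
        hits.append((ip, name, "blocked" if blocked else "redirected"))
    return hits


def find_rumba_files(paths):
    """Return paths whose final extension is '.rumba', the page's file marker."""
    return [p for p in paths if p.lower().endswith(".rumba")]


# Constructed sample Hosts content for the demonstration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
0.0.0.0 www.microsoft.com microsoft.com   # injected
127.0.0.1 virustotal.com
93.184.216.34 example.com
"""
```

On a live Windows host, read the text from `C:\Windows\System32\drivers\etc\hosts` and pass it to `find_hosts_hijacks`; a stock Hosts file contains no entries for these domains, so any hit is worth investigating.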

The Blatant Negatives of Being a Software Pirate

There is a limited decryption solution available free of charge for some versions of the STOP Ransomware family. However, it's only compatible with specific IDs and carries a variety of other restrictions that keep it from being an all-purpose unlocking service. Most victims will need to use their backups for recovery after disinfecting their PCs, and malware researchers recommend storing those backups on external devices for general safekeeping.

Installers bundled with the Rumba Ransomware outwardly resemble those of the 'normal' cracks, although appropriate security products should detect the threat. Torrents and illicit file-sharing sites are well-traveled infection sources for file-locking Trojans of all types, not just the STOP Ransomware, and Web users should keep the risks in mind whenever they interact with them without any protection. Although any good anti-malware program may remove the Rumba Ransomware, the files that it locks are likely to be lost permanently.

The Rumba Ransomware uses an old but still-pertinent technique of turning the user's psychology against them. Illicit software can, unsurprisingly, carry far greater dangers than simply failing to perform the advertised function.
