
Zorab Ransomware

Posted: June 8, 2020

Ransomware victims often are desperate to recover their files, and they may not think twice about trying out 'decryption software' offered by shady websites. This is exactly the behavior that the authors of the Zorab Ransomware are preying on – they promote their threatening application by masking it as a decryptor for the STOP Ransomware and its variants. The STOP Ransomware is one of the most widely spread file-lockers, and it has been used to create over a hundred different variants of the file-encryption Trojan – this means that there are likely to be thousands of people that are looking for a way to recover their encrypted files.

Unfortunately, desperate victims of the STOP Ransomware that stumble upon the fake 'Decryptor Djvu' or 'Decryptor Djvu mlagham' software may be in for a lot of trouble. As soon as this application is launched, it will display a prompt that asks them to enter the extension that was used to lock their files, as well as the ID found in the ransom note that the STOP Ransomware leaves behind. However, trying to start the decryption process will not result in a positive outcome – instead, the fake decryptor will run a copy of the Zorab Ransomware that will once again encrypt the victim's files. This way, they will have to reverse two sets of encryption if they want to use their files again – one applied by the STOP Ransomware and the other applied by the Zorab Ransomware.

The Fake Decryptor for the STOP Ransomware will Further Damage Your Files

The files locked by the Zorab Ransomware will have the '.ZRB' extension added to their names. Just like other file-lockers, this one also uses a ransom note to tell the victim more about the attack – in this case, the file is called '—DECRYPT—ZORAB.txt.' According to its contents, the Zorab Ransomware's authors are willing to unlock 1-2 files for free, and they will only complete the rest of the decryption process if they are paid the ransom fee. They also provide the email zorab28@protonmail.co as the only way to get in touch with them.

It is not yet clear how sophisticated the Zorab Ransomware's encryption is – there is a chance that this file-locker might not be very advanced, and it would be possible to release a free decryptor for it. If you have fallen victim to the Zorab Ransomware's attack, you should not agree to pay any money – instead, keep checking the security news to see if a free decryptor will be released.
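For responders sizing up the damage, the following added example (not code from this article or from any vendor tool) inventories a directory tree for the '.ZRB' extension and the ransom note described above, and separates files that carry both encryption layers from those hit by only one. It assumes '.ZRB' is appended after any existing STOP extension, and the STOP extension is supplied by the operator; `djvu` in the usage line is a constructed sample value.

```python
import os
import sys
from collections import Counter

ZORAB_EXT = ".zrb"  # extension named in the article, compared case-insensitively


def is_ransom_note(name):
    # Match on the stable tokens of the note name given in the article, so the
    # exact dash characters used in the file name do not matter.
    n = name.lower()
    return "decrypt" in n and "zorab" in n and ".txt" in n


def classify(name, stop_ext):
    """Return 'note', 'double' (STOP layer under .ZRB), 'zorab', 'stop' or None."""
    lower = name.lower()
    stop_ext = "." + stop_ext.lower().lstrip(".")
    if is_ransom_note(name):
        return "note"
    if lower.endswith(ZORAB_EXT):
        inner = lower[: -len(ZORAB_EXT)]  # peel the outer layer (assumed order)
        return "double" if inner.endswith(stop_ext) else "zorab"
    if lower.endswith(stop_ext):
        return "stop"
    return None


def triage(root, stop_ext):
    """Walk root read-only; return (Counter of file kinds, list of note paths)."""
    counts, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name, stop_ext)
            if kind == "note":
                notes.append(os.path.join(dirpath, name))
            elif kind:
                counts[kind] += 1
    return counts, notes


if __name__ == "__main__":
    # Usage: python triage.py <directory> <stop-extension>, e.g. ... D:\data djvu
    counts, notes = triage(sys.argv[1], sys.argv[2])
    for kind in ("double", "zorab", "stop"):
        print(f"{kind:>6}: {counts[kind]}")
    for path in notes:
        print("ransom note:", path)
```

Run it against a forensic copy or a read-only mount rather than the live disk, and keep the encrypted files and both ransom notes in case a free decryptor is released.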
