Experts observed the ransomware also installing the dreaded Azorult password-stealing Trojan on victims' machines to steal account credentials, cryptocurrency wallets, documents and more.
AZORult is a data stealer that was first spotted in 2016 by Proofpoint, which discovered that it was part of a secondary infection via the Chthonic banking trojan. Later it was involved in many malspam attacks, but only in July 2018 did the authors release a substantially updated variant.
In July, the experts discovered a new sophisticated version of the AZORult Spyware that was involved in a large email campaign on July 18. In October, a new version of the info-stealer appeared in the wild; it is able to steal more data, including other types of cryptocurrencies.
The STOP Ransomware was first spotted in January, when it was being distributed by fake software cracks.
The popular malware researcher Michael Gillespie observed that some recent variants of the
“When we first covered the DJVU variant of the STOP Ransomware being distributed by fake software cracks in January, we noted that when the malware was executed it would download various components that are used to perform different tasks on a victim’s computer.” reads a blog post published by BleepingComputer.
“These tasks include showing a fake Windows Update screen, disabling Windows Defender, and blocking access to security sites by adding entries to Windows’s HOSTS file.”
One of the variants analyzed by BleepingComputer encrypts data and appends the .promorad extension to encrypted files, then creates ransom notes named _readme.txt.
Experts recommend that victims infected with the STOP Ransomware immediately change the passwords of any online accounts they used.
“Victims should also change passwords in software such as Skype, Steam, Telegram, and FTP Clients. Finally, victims should check any files stored on the Windows desktop for private information that may now be in the hands of the attackers.” concludes BleepingComputer.
The known list of STOP
.blower .djvu .infowait .promok .promorad2 .promos .promoz .puma .rumba .tro
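The indicators described above (the listed extensions, the _readme.txt ransom note and entries added to the HOSTS file) can be checked together during triage. The following Python sketch is an added example, not code from BleepingComputer or the researchers; the sample paths, the sample HOSTS content and the hostnames in it are constructed, and treating every active non-localhost HOSTS entry as worth review is an assumption.

```python
from pathlib import PureWindowsPath

# Extensions and ransom-note name as listed in the article.
STOP_EXTENSIONS = {".blower", ".djvu", ".infowait", ".promok", ".promorad",
                   ".promorad2", ".promos", ".promoz", ".puma", ".rumba", ".tro"}
RANSOM_NOTE = "_readme.txt"
LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # assumption: benign defaults

# Constructed sample input (not taken from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\alice\Desktop\budget.xlsx.promorad",
    r"C:\Users\alice\Desktop\_readme.txt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\trip.jpg.DJVU",
]
SAMPLE_HOSTS = """# Sample HOSTS file (constructed)
# 127.0.0.1 localhost
127.0.0.1 localhost
0.0.0.0 av-vendor.example www.av-vendor.example  # constructed entry
"""


def scan_paths(paths):
    """Split a file listing into (encrypted files, ransom notes)."""
    encrypted, notes = [], []
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any OS
        if p.name.lower() == RANSOM_NOTE:
            notes.append(raw)
        elif p.suffix.lower() in STOP_EXTENSIONS:
            encrypted.append(raw)
    return encrypted, notes


def added_hosts_entries(hosts_text):
    """Return (address, hostname) for every active non-localhost mapping."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue  # blank line, comment-only line, or malformed entry
        address, names = fields[0], fields[1:]
        found += [(address, n.lower()) for n in names
                  if n.lower() not in LOCAL_NAMES]
    return found


if __name__ == "__main__":
    print(scan_paths(SAMPLE_PATHS))
    print(added_hosts_entries(SAMPLE_HOSTS))
```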