Skip to content

Beware of fake ransomware decryption tools

June 8, 2020

As soon as free ransomware decryption tools hit the markethas increased a wave of counterfeit software claiming to decrypt files affected by ransomware.

According to a June 5 report by Bleeping Computer, the developers of the Zorab ransomware released a fake STOP Djvu decoder. Instead of restoring the victim’s data, this software seems to encrypt their files with a second ransomware.

When the victim opens one of these tools, the software extracts an executable called crab.exe. This is Zorab ransomware itself. After execution, the tool encrypts all existing files with the extension .ZRB.

Duplicate encrypted files

Beware of fake ransomware decryption toolsBeware of fake ransomware decryption tools

Talk to Cointelegraph Brett Callow, a threat analyst at the Emsisoft malware lab, says STOP is by far the most common ransomware. He claims to make up about half of all incidents:

“Unfortunately, criminals often create fake versions of popular software to spread malware, and now they have created a fake version of our decryptor to do just that. If you run the fake tool, the data encrypted by STOP will not be retrieved.” will actually encrypt it a second time. “

Callow refers to one of several free tools recently released by Emsisoft. These tools allow users to decrypt files that are affected by certain variants of the rescue software.

The Emsisoft threat analyst issued the following warning to the public:

“This shows why users should be careful when downloading software and applications and ensure that they come from a trustworthy and reputable source. Cracks, triggers and key genes should also be avoided as they are also often used to rescue programs and other harmful ones Spreading programs. “

The latest free published ransomware decryption tools

Cointelegraph recently ran extensive coverage of various free ransomware decryptors released by various technology companies.

On June 3, the Spanish-based telecommunications conglomerate Telefónica launched a free tool to restore the data encrypted by the VCryptor rescue package.

Emsisoft also launched a free decryption tool on June 4 that allows victims to recover encrypted files through ransomware attacks. Tycoon without paying the ransom.