This can happen to you while you are searching for help after getting infected by ransomware in the first place.
We all know that ransomware is one of the most invasive kinds of malware. It locks up your files and asks you to pay to get them back. The people who make it expect you to pay up in exchange for your files.
Being a victim of anything feels awful. Imagine getting hit twice! Ransomware used to spread when you downloaded and ran a malicious file on your computer. Now, some hackers have engineered ransomware to install via nothing more than a website visit.
What is more heartless than targeting people already victimized by ransomware? Here’s how they do it. Infected people try to find solutions to decrypt their files. The attackers try to make you feel you have found the solution. When you make the mistake of downloading and installing the fake unlocker, a second ransomware kicks in and takes over. Double whammy!
Twice the ransomware, twice the agony and misery, with no guarantee you will get your files back after paying.
Security researchers from BleepingComputer have identified a new batch of ransomware that targets existing ransomware victims with false promises of file recovery. Known as “Zorab,” this malware masquerades as a decryptor for the popular STOP Djvu ransomware, and once it’s installed, it applies an additional lock on your files and asks for a second ransom.
It is just like rubbing salt into an open wound. It practically adds insult to injury for people who already got infected in the first place.
Ransomware victims go out hunting for free decryptors, and by chance they find and download the Zorab file. Once it’s installed, an ordinary pop-up window appears that asks for the ransom data from the ransomware you’re currently infected with.
You are lulled into a false sense of security, believing you are about to do a scan, but in the background, the malware goes to work. All usable files are encrypted with a .ZRB file extension, and a ransom letter appears in every folder the malware encrypts. Yes, they really have the nerve to ask you to pay. Even though they know for a fact that you are already locked up and held for ransom, the malware asks you to pay a second fee just to unlock your already-locked files.
A ransom within a ransom! It surely is one of those what-the-hell moments.
Their website and decryption tool will claim to be of help, but it does not hurt to be skeptical. It is advised that you do not pay the ransom. There are no guarantees you will get your files back anyway.
Besides Zorab, there are others out there. Another good example is a program called “Kupidon”. It targets businesses and individuals alike with specially tailored ransom options.
According to BleepingComputer, Kupidon takes advantage of unsecured remote desktop systems, which are hijacked and locked by the malware. The developers behind it specifically reach out and target businesses, but ordinary people are not immune either (though they are spared a significant bit of the sting).
If the attackers infect a business, it will receive a demand letter stating that it has to pay $1,200, with instructions on how to submit payment via an encrypted Tor website. What does this mean? You basically have to go to the dark web to interact with the people behind the hack itself. And yes, this is extremely dangerous because they could do more damage if they wanted to.
If they figure out you are just an ordinary user who somehow got infected, they show a little bit of leniency and ask for a ransom of no more than $300. Although that is significantly cheaper, it still costs quite a bit. The developers think that the said amount is still cheaper than the other ransomware out there.
Nobody wants to get hit with ransomware. It is better to prevent it from happening to you. Be careful which sites you visit and what you download. This will increase your chances of not getting infected.
If by any chance your files get encrypted and you want to fix them for free, both Kupidon and Zorab will only make your life more difficult.