The StopCrypt ransomware variant just received its first major update in a long time, and given its status as the world’s most distributed ransomware, that could be a big deal.
The warning comes from a new report from security researchers SonicWall, which say that the operation now comes in multiple stages, to ensure it doesn’t get picked up by antivirus programs, or endpoint protection solutions.
Even though StopCrypt is arguably the world’s most widely distributed ransomware, it rarely makes headlines, as it doesn’t target large companies, or critical infrastructure organizations. It doesn’t steal sensitive data, and it most certainly doesn’t demand millions in ransom payments in exchange for the decryption key and for the stolen data.
Flying under the radar
Instead, StopCrypt (also known as STOP ransomware) targets the average consumer. It is being distributed through malvertising, underground websites, and dark web forums. Victims usually look for cracked commercial software, activators, game cheats, and similar, and end up with infected endpoints.
Given the low ransom demand (up to $1,000), and the fact that the victims are not exactly high-profile, STOP’s campaigns rarely make headlines. Still, the new version is bound to ruin the day for a lot of consumers.
StopCrypt was first discovered in 2018, BleepingComputer reports, and has been quite active since then. Its forum thread on STOP ransomware counts more than 800 pages. Still, its developers haven’t done much over the years to expand its functionality, as most of the updates were simply addressing critical issues.
Besides STOP, the most prolific ransomware variants include BlackCat (ALPHV), LockBit, and Cl0p who have, over the years, targeted dozens of large organizations, healthcare institutions, government agencies, and critical infrastructure firms. Earlier this year, an international team of law enforcement agents managed to disrupt the infrastructure of LockBit, albeit temporarily.
+ There are no comments
Add yours