This nasty trick scams victims of ransomware searching for help

This nasty trick scams victims of ransomware searching for help
© Gaudilab | Dreamstime.com

Of all the kinds of malware that can affect your personal data and files, ransomware is among the worst. It’s not enough that your files get locked up and hidden from you, but the people behind the attack expect you to pay up if you ever hope to see them again!

Ransomware comes in a variety of shapes, but the latest versions of these programs are increasingly sophisticated. Previously, you needed to open a malicious extension to get it on your PC. Now, some hackers have engineered ransomware to install via nothing more than a website visit. Tap or click here to see how this works.

And now, they’re taking an even more insidious route of attack by targeting people who have already been victimized by ransomware in the first place. If you go hunting for decryption software, this deceptive ransomware might pop up. And if you make the mistake of installing, your files will be locked under a second ransom demand! Yes, really!

Twice the ransom, twice the misery

Security researchers from BleepingComputer have identified a new batch of ransomware that targets existing ransomware victims with false promises of file recovery. Known as “Zorab,” this malware masquerades as a decryptor for the popular STOP Djvu ransomware, and once it’s installed, it applies an additional lock on your files and asks for a second ransom.

Getting hit by ransomware on its own is bad enough, but getting a secondary ransom demand when you’re trying to fix your files? That’s just adding insult to injury.

Here’s how it works: Victims hunting for free decryptors find and download the Zorab file. Once it’s installed, an ordinary pop-up window appears that asks for the ransom data from the ransomware you’re currently infected with.

Once you click Start Scan, however, the malware goes to work. All your files are encrypted into proprietary .ZRB files and a ransom letter appears in every folder the malware encrypts. And, naturally, it asks you to pay a second fee just to unlock your already-locked files.

In other words, it’s the Inception of ransomware: A ransom within a ransom!

The best way to avoid being targeted is to steer clear of unusual or unfamiliar downloads — even if they claim to be of help. And if you’re infected with malware at all, never forget that your best course of action is not to pay at all. Tap or click here to see why.

Another threat lurking in the wait

Zorab isn’t the only new ransomware threat floating around on the web these days. Another dangerous program called “Kupidon” is targeting businesses and individuals alike with specially tailored ransom options.

According to BleepingComputer, Kupidon takes advantage of unsecured remote desktop systems, which are hijacked and locked by the malware. The developers behind it specifically reach out and target businesses, but ordinary people are not immune either (but they are spared a significant bit of the sting).

Business victims will receive a demand for a ransom of $1,200, with instructions to submit the payment to an encrypted Tor website. This means you’ll need to access the Dark Web in order to interact with the people behind the hack. Tap or click here to see what this means, and why it’s extremely dangerous.

Interestingly, residential victims are not affected in the same way. If the malware (and its developers) detect that you’re just some ordinary schmuck, they’ll request a ransom of no more than $300. This is significantly cheaper than many of the other programs floating around, and the hackers behind Kupidon are banking on you thinking the same thing.

As with all malware, an ounce of prevention is worth a pound of cure. If you’re cautious about where you visit and what you download, you likely won’t encounter any ransomware ever. That said, if you are encrypted and want to fix your files for free, both Kupidon and Zorab will only make your life more difficult. Stay safe out there!

Tags: downloads, file recovery, hackers, infected, malware, ransomware, security, security researchers