StopCrypt: Most widely distributed ransomware evolves to evade detection

March 15, 2024 at 09:55AM

A new variant of StopCrypt ransomware spotted utilizing multi-stage execution and evading security tools. STOP Djvu, a widely distributed ransomware, targets consumers for small ransom payments. Distributed via malvertising and adware bundles, it infects users with various malware. The new variant employs intricate execution mechanisms, posing a significant threat despite modest monetary demands.

A new variant of the StopCrypt ransomware has been identified in the wild. It employs a multi-stage execution process that uses shellcode to evade security tools.

StopCrypt, also known as STOP Djvu, primarily targets consumers with the aim of generating numerous small ransom payments ranging from $400 to $1,000, as opposed to demanding one large multi-million-dollar ransom from businesses.

The ransomware is commonly distributed via malvertising and shady sites distributing adware bundles disguised as free software, game cheats, and software cracks. Once installed, users become infected with a variety of malware, including password-stealing trojans and STOP ransomware.

Infected users often turn to security researchers, ransomware experts, and various forums for help, which highlights how many people this ransomware affects.

The new variant of the STOP ransomware, also known as StopCrypt, utilizes a multi-stage execution mechanism involving the loading of a seemingly unrelated DLL file and the use of long time-delaying loops to bypass security measures. It employs process hollowing to inject its payload into legitimate processes for discreet execution in memory, making detection harder.

The ransomware encrypts files, appends a “.msjd” extension to each encrypted file's name, and creates a ransom note named “_readme.txt” in every impacted folder, giving victims instructions on paying the ransom to recover their data.
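A triage sweep for the two on-disk indicators named above (the “.msjd” extension and the “_readme.txt” note), as an added example that is not from the article; the sample folder listing and paths are constructed for illustration, and the `sweep` wrapper over `os.walk` is how it would be pointed at a real share.

```python
import os
from dataclasses import dataclass, field

ENCRYPTED_EXT = ".msjd"      # extension the variant appends (from the article)
RANSOM_NOTE = "_readme.txt"  # note dropped in every impacted folder (from the article)

@dataclass
class FolderFinding:
    path: str
    encrypted_files: list = field(default_factory=list)
    has_note: bool = False

def sweep_entries(entries):
    """Classify (folder, filenames) pairs; returns a finding per flagged folder."""
    findings = []
    for dirpath, filenames in entries:
        finding = FolderFinding(path=dirpath)
        for name in filenames:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                finding.encrypted_files.append(name)
            elif lower == RANSOM_NOTE:
                finding.has_note = True
        # Either indicator alone is enough to flag the folder for triage
        if finding.encrypted_files or finding.has_note:
            findings.append(finding)
    return findings

def sweep(root):
    """Walk a real directory tree and classify every folder under it."""
    return sweep_entries((d, files) for d, _subdirs, files in os.walk(root))

def summarize(findings):
    """Counts for an incident ticket; 'partial' folders show only one indicator."""
    return {
        "impacted_folders": len(findings),
        "encrypted_files": sum(len(f.encrypted_files) for f in findings),
        "folders_with_note": sum(1 for f in findings if f.has_note),
        "partial_folders": sum(1 for f in findings if f.has_note != bool(f.encrypted_files)),
    }

# Constructed sample listing (not real data) standing in for os.walk output
SAMPLE_TREE = [
    ("C:/Users/victim/Documents", ["report.docx.msjd", "budget.xlsx.msjd", "_readme.txt"]),
    ("C:/Users/victim/Pictures", ["holiday.jpg.msjd"]),  # renamed files but no note
    ("C:/Users/victim/Music", ["song.mp3"]),              # untouched
    ("C:/Users/victim/Desktop", ["_README.TXT"]),         # note only, different case
]
```

Folders reported as partial (renamed files without a note, or a note without renamed files) are worth a second look, since they may mark where encryption was interrupted.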

This evolution of StopCrypt into a more stealthy and powerful threat underscores a troubling trend in cybercrime, as even though its monetary demands are not high and its operators do not perform data theft, it has the potential to cause significant damage to a large number of people.

These key takeaways summarize the emergence and impact of the new StopCrypt variant, covering its distribution methods, execution process, and potential implications for victims.