Ransomware removal analysts have found a familiar foe. The notorious STOP Ransomware that was discovered back in January 2018 has made a return through its variant known as STOPDATA.
Distribution Strategies
The ransomware utilizes different strategies to spread itself over a wide number of systems and profits through the exploitation of data. Ransomware removal experts explain that the ransomware has a malicious payload that is transmitted by a malware. This malware acts as a middleman and is termed as a dropper. A dropper is mainly distributed via spam e-mail campaigns and the ransomware’s virus is incorporated as part of an attachment.
These e-mails often go undetected as they pose as a reliable brand. The brand names most commonly used by STOPDATA are DHL, PayPal, Amazon, and eBay. Thus, experts discourage the practice of opening and downloading from each e-mail and encourage digital hygiene over the use of the Internet that can safeguard users from ransomware attacks. Other ways to spread STOPDATA can be through downloading of fake cracks and patches of freeware like software and games.
Working and the Ransom Note
Like other ransomware, STOPDATA also encrypts the data of its victims. The encryption is done through the use of cryptographic algorithms RSA-1024 and AES. After the files have been encrypted, they will be marked with an extension of “.STOPDATA”. Afterward, a ransom note is added into the affected computer.
The ransom note states that the files of the victim have been encrypted with the STOPDATA Ransomware with the use of the RSA-1024 algorithm. The victim is then asked to pay $200 in exchange for a key that can decrypt the locked data through decryption software for ransomware removal. A time limit of 72 hours is given to pay the ransom. Lastly, an email address of datadecryption@bitmessage.ch is given for further communication.
