Cryptovirological operators are diligently and continuously working on new ransomware strains. This is the reason why ransomware removal experts and malware hunters come across a new strain or variant every other day.
In the latest
According to preliminary investigations into the nature of the strain, it uses the Advanced Encryption Standard (AES) to lock down files on the targeted device. AES encryption can lock nearly every file format. However, the good news is that most professional ransomware removal experts know how to crack it. Researchers have also found that Rumba ransomware is mostly targeting European and Asian users.
Bogus Windows Updates and Fake Cracked Software: The Payload Delivery Method of Rumba Operators
Ransomware operators mostly use phishing emails with infected attachments to deliver the malware payload. However, Rumba ransomware operators have taken a less common route. They have devised fake Windows updates and cracked versions of software applications and spread them across different unprotected web domains.
People who download these executable files are actually downloading the cryptovirological script, which unpacks when the user clicks on the downloaded executable file. To prevent infiltration by ransomware or any other malware, it is recommended to download software programs and patches only from official and authentic websites.
Rumba Operators Offer ‘Discount’ on Extortion Payment
Ransomware operators are aware that the majority of targeted users will not contact them to get the solution. Therefore, Rumba operators have modified their ransom offer. They offer free decryption of one file of up to 1MB to prove that they have the complete decryption solution.
Moreover, they also offer to waive 50% of the ransom amount if the user is willing to pay within three days of the attack. Rumba operators are asking for $980 in Bitcoin to provide complete ransomware removal, and that can be reduced to $490 by making the payment within 72 hours.
Even paying $490 to cybercriminals is not worth it. First of all, there is no guarantee that you will get the complete solution to unlock all the encrypted data even after paying the ransom. Secondly, paying the ransom will encourage the operators to expand their shenanigans.
To deal with any malware attack that targets data, such as ransomware, maintain a routine of making data backups. Moreover, in case of any cyber attack on your device or network, ask for professional help instead of engaging with the perpetrators of the attack.