Fake Tool to Decrypt STOP Djvu Ransomware

When we talk about threats that can put our online security and privacy at risk, ransomware is undoubtedly one of the most important. There are many versions that can compromise our files and personal information. As we know, the objective of this type of malware is to encrypt the files and systems and then request a ransom in exchange. Sometimes we can find tools created to decipher a specific version and thus help to recover the content. Now, are they all safe? Today we echo a tool that offers help against ransomware but in reality it is a threat.

A tool to decrypt ransomware infects the system

Tool to Decrypt Ransomware

If a user is a victim of ransomware, basically they will have two options to recover their files: pay a ransom and have the attackers hand over the decryption key, or be lucky and that for that ransomware there is already a tool available to decrypt it . The latter is something that many security researchers work on, but not all versions are available.

The problem is that hackers also take advantage of this and sometimes launch supposed decryption tools but it is actually a threat. What this malicious software does is encrypt the content once again. In short, we are facing another undercover ransomware .

In this case it is a supposed tool to decrypt the STOP Djvu ransomware . It takes advantage of users who may be desperate looking for a way to decrypt their computer and not have to pay a significant amount of money, to infect the computer again.

The STOP Djvu ransomware may not be as well known, however it should be mentioned that today it has more victims daily than the sum of other more popular varieties such as Maze, REvil, Netwalker and DoppelPaymer. It is also a ransomware that especially attacks home users , compared to other varieties that are more targeted at companies.

Ransomware is a major threat

Zorab, the fake ransomware decryptor

All this makes many clueless or desperate users to recover their files opt for this tool called Zorab. It is offered online as a program capable of decrypting the STOP Djvu ransomware . The problem is that when the victim runs it, what it does is not decrypt the ransomware, but creates another additional layer of encryption.

Basically we are facing a hidden ransomware as if it were a decryptor. This ransomware will add the .ZRB extension to the files. From there it acts like any other ransomware: it shows us a document to contact the attackers and thus have the payment instructions.

Now, what must we do to install decrypts safely? As we know, there are varieties of ransomware that have tools to decrypt it in a totally safe way and that are offered by security researchers. There are platforms like No More Ransomware that help victims. It is important that whenever we are going to use this type of tools we make sure that we are obtaining it from safe sites and therefore we are not adding another threat.