Zobm Ransomware
Ransomware threats' popularity keeps growing, and there are more and more victims claimed each day. Most authors of ransomware rely on already established data-locking Trojans for their creations. This means that they borrow the code from an existing ransomware threat and then modify it slightly to serve their needs. It would appear that a very large number of cyber crooks in 2019 have opted to use the STOP Ransomware as a basis of their file-encrypting Trojans, making this ransomware family as the most active one throughout the whole year. One of the newest copies of the STOP Ransomware is called the Zobm Ransomware.
Propagation and Encryption
It is difficult to determine how the perpetrators are propagating the Zobm Ransomware, as there is not enough data on the topic yet. Spam email campaigns are likely to be one of the infection vectors involved in the spreading of this data-encrypting Trojan. Such campaigns usually involve emails with fraudulent messages that attempt to trick the users into opening an attached file, often a document, which would be macro-laced and infect the host upon being launched. Torrent trackers, fake pirated variants of popular applications, and bogus software updates may be some of the other propagation methods used by the attackers. When this ransomware threat infiltrates your computer, it will look for all files sorts to mark for propagation – images, videos, spreadsheets, documents, presentations, databases, archives, audio files, etc. Ransomware threats usually target popular file types that are likely to be present on any user's system. The Zobm Ransomware applies encryption to lock the targeted data. This file-locking Trojan appends an extra extension to the encrypted files – '.zobm.' For example, a file that you had given the name 'silver-statue.jpeg' will be renamed to 'silver-statue.jpeg.zobm' when this ransomware threat locks it.
The Ransom Note
The Zobm Ransomware follows in the footsteps of most variants of the STOP Ransomware in most of its features, including the ransom note. The ransom message will be found in a file named '_readme.txt' just like most variants of the STOP Ransomware. The authors of the Zobm Ransomware require $980 as a ransom fee but inform that PC users who contact them within 72 hours only have to pay half the price - $490. The attackers state that they are willing to unlock one file free of charge. This is a common tactic, which serves to prove to the victim that the authors of the ransomware are capable of reversing the damage done to the files. Two email addresses are provided as a mean of contacting the creators of the Zobm Ransomware – ‘datahelp@iran.ir' and ‘datarestorehelp@firemail.cc.'
Contacting the authors of the Zobm Ransomware is not a good idea. People like this are not known for their honesty, and even users who agree to pay up are, more often than not, left empty-handed. It is much safer to trust an anti-malware application to remove the Zobm Ransomware from your computer once and for all.
