Zorab Ransomware
Ransomware threats are one of the nastiest types of Trojans a regular user may come across. This type of threat would silently invade a system, encrypt the files present on it, and then proceed to extort its victim for cash. Most ransomware threats are spread via phishing emails, torrent trackers, bogus copies of popular software utilities, etc. However, malware experts have spotted a new data-encrypting Trojan, which utilizes an unusual infection vector.
Propagation and Encryption
The name of the newly spotted Trojan is Zorab Ransomware, and this threat is masked as a decryption tool, which is meant to help users who have fallen victim to the notorious STOP Ransomware. It is understandable why the attackers have chosen to disguise the Zorab Ransomware as a STOP Ransomware decryptor – this is one of the most popular ransomware families that has compromised the systems of countless users. The Zorab Ransomware is likely to go after a wide range of filetypes such as .pdf, .doc, .docx, .ppt, .pptx, .xls, .xlsx, .jpg, .jpeg, .png, .gif, .mp3, .mp4, .mov, .zip, .rar, etc. Next, an encryption algorithm is used to lock the targeted data. When the Zorab Ransomware encrypts a file, it changes its extension by adding '. ZRB' at the end of it. For example, a file named 'sunny-greece.mp4' will be renamed to 'sunny-greece.mp4. ZRB.'
This Week in Malware Ep 10: STOP & Zorab Ransomware Exploits Victims w/Fake Decryptor
The Ransom Note
In the last step of the attack, the Zorab Ransomware drops a ransom message on the compromised system. The name of the file that contains the attackers' message is '--DECRYPT--ZORAB.txt.' In the note, the attackers claim that there is no other way to recover one's files unless they pay the ransom fee. However, they do not specify what the ransom fee is. It is likely that users who contact the authors of the Zorab Ransomware will be provided with further details regarding the ransom fee. The attackers provide their contact details – ‘zorab28@protonmail.com.' The creators of the Zorab Ransomware offer to decrypt two files for free.
It is never a positive idea to get in touch with the attackers. Cybercriminals rarely keep their word, and even if you pay the ransom fee, you are unlikely to receive the decryption key that you need to restore your files. You should remove the Zorab Ransomware from your PC with the aid of a trustworthy, genuine anti-malware utility.
