Fake ransomware recovery tool double encrypts user files
Zorab ransomware encrypts files already encrypted by Stop DJVU ransomware.
Ransomware attacks have intensified in the past couple of years. To counter these attacks, security researchers have rolled out scores of free tools that help victims decrypt their encrypted files. Now, a new report says that cybercriminals have developed a phony decryption tool that adds a second layer of encryption to the already encrypted files.
A report by Forbes says that there are over 150 variants of the Stop DJVU ransomware that have infected over 500,000 computers across the globe. It is mostly distributed via key generators for popular games. Unsuspecting victims download the infected files, after which they are left with encrypted files and a ransom of $1,000 (approximately ₹75,580) to pay.
Towards the end of 2019, Emsisoft researchers released a free tool that could decrypt files for around 70% of the victims. Now, according to the report, MalwareHunterTeam has spotted another tool that claims to decrypt files encrypted by the Stop DJVU ransomware. However, instead of decrypting the files, the tool encrypts them with another ransomware called Zorab. Together, Stop DJVU and Zorab add two layers of military-grade encryption to users' files.
Fortunately for the victims of the two ransomware strains, Emsisoft researchers, with the help of researcher Michael Gillespie and MalwareHunterTeam, have determined a way to undo the damage caused by both.