A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools.
While you constantly hear how big some ransomware operations are, such as LockBit, BlackCat, and Clop, you rarely hear security researchers discussing STOP.
That is because this ransomware operation does not typically target businesses but rather consumers, hoping to generate tens of thousands small $400 to $1,000 ransom payments instead of one large multi-million-dollar demand.
The ransomware is commonly distributed via malvertising and shady sites distributing adware bundles disguised as free software, game cheats and software cracks.
However, when these programs are installed, the users become infected with a variety of malware, including password stealing trojans and STOP ransomware.
This leads infected users to desperately reach out to security researchers, ransomware experts, and our 807-page STOP ransomware forum topic to try and receive help. Read More..