Consumers beware! StopCrypt ransomware becomes more stealthy
This malware hijacks other processes to keep itself hidden
2 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Ransomware is one of the nasty types of malware that will permanently lock your files and prevent you from accessing them.
Speaking of which, there’s a lesser-known ransomware on the Web that has been causing trouble for years, and its name is StopCrypt.
What is StopCrypt ransomware and how does it work?
StopCrypt or STOP Djvu, is one of the most distributed ransomware according to the BleepingComputer. Unlike other ransomware that targets large companies, this one goes after everyday users.
This malware is distributed via websites that are used for sharing copyrighted software, and once you download that software, this nasty malware gets downloaded as well.
This isn’t a new malware, and it has been around since 2018, however, it has changed over the years to make itself harder to detect.
The latest version of this malware uses multi-stage execution, and it uses API calls on the stack to allocate the necessary memory, thus making its detection harder.
After that, the malware will hijack other processes and use them to run its code in the background.
Lastly, malware will change access control lists and deny users permission to delete important malware files and directories.
After all that is done, you’ll get a _readme.txt message in every directory giving you instructions on how to unlock your files.
This malware has been a problem for years, and since it’s almost impossible to get rid of it, always practice vigilance and stay off shady websites.
Ransomware in general is a major threat, and it has been reported that ransomware stole the data of 27,000 people from Stanford.
This isn’t the only malware that is causing trouble, and a recent threat is a Vcrums malware that targets browsers specifically.
