Websites offering cracked versions of popular software programs have recently been serving up adware bundles that secretly deliver a variant of STOP ransomware.

According to a pair of reports from Bleeping Computer founder Lawrence Abrams, the scheme came to light in December 2018 with the appearance of the malicious encryptor "Djvu" – so named because it appends one of several .djvu string variations to affected files as an extension. Determined to be a member of the STOP family, Djvu later morphed into other minor variants that appended different extensions, including. tco and .rumba.

Bleeping Computer pinpointed the attack vector after user discussions in its forums and other sites revealed a common denominator: victims were infected after visiting one of several websites where they downloaded cracked versions of software products, including Microsoft Windows-based programs, Cubase, Adobe Photoshop, antivirus software and more.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.