Hackers are using a new fake recovery tool called "Stop DJVU Ransomware" to breach thousands of computers. According to Forbes' latest report, hard-working cybersecurity professionals have released scores of free decryption tools for ransomware used over the past years.
However, the released data revealed that a new tool deployed to detect one of the most widely distributed strains of ransomware is not what it appears to be. Security researchers at Emsisoft estimated that 50,000 computers were infected by 150 variants of the recovery tool called "Stop DJVU Ransomware," which is most commonly distributed inside key generators for popular games or cracks.
The researchers discovered that victims were left with folders full of unusable files, encrypted with the Stop DJVU ransomware recovery tool. The personal data of the unsuspecting victims was held for a ransom of nearly $1,000, but security researchers said that the hackers were generous, offering a 50% discount to those individuals who could pay as soon as possible.
However, the users victimized by the fake recovery tool were fortunate, since Emsisoft's researchers were able to figure out how to break the ransomware's encryption. The company released a free tool at the end of last year that is claimed to have decrypted files for around 70% of the victims.
Fake recovery tool "Stop DJVU Ransomware" infected 50,000 computers; Honda's Global Operations halted by ransomware attack
Although the new recovery tool for ransomware that was released by Emsisoft may provide promising results, researchers discovered that its release opened up new opportunities for cybercriminals. MalwareHunterTeam discovered another tool that claimed to decrypt files infected by Stop DJVU Ransomware, affecting those individuals who unfortunately ran the tool.
The security researchers stated that the recovery tool was actually re-encrypting the files with new ransomware called "Zorab," resulting in two layers of military-grade encryption that allowed hackers to make two ransom demands. However, as quickly as Zorab surfaced, Emsisoft was once again able to figure out how to undo the damage with the help of MalwareHunterTeam and security researcher Michael Gillespie.
Meanwhile, the global operations of Honda were halted by a ransomware attack. According to TechCrunch's latest report, the car manufacturer confirmed on Tuesday, June 9, that it fell victim to a cyberattack that caused production issues outside of its headquarters in Japan.
"Work is being undertaken to minimize the impact and to restore full functionality of production, sales, and development activities," said the car company.
At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable. We are working to resolve the issue as quickly as possible. We apologize for the inconvenience and thank you for your patience and understanding. — Honda Automobile Customer Service (@HondaCustSvc) June 8, 2020
Honda confirmed the news by posting a tweet, which is now pinned to the top of its Twitter feed, stating that its financial services and customer service are currently unavailable because of the ransomware attack.