A new variant of the STOP ransomware has emerged, demonstrating a multi-stage execution process designed to evade security measures. Unlike the more widely discussed ransomware operations that target businesses, STOP primarily focuses on consumers, aiming for many small ransom payments rather than a few large demands. STOP spreads through deceptive channels such as malvertising and disguised software bundles, and it often arrives alongside other malware, including password-stealing trojans.
STOP’s multi-stage execution involves loading DLL files, implementing time-delaying loops, and utilizing dynamically constructed API calls to make detection more challenging. The ransomware employs process hollowing to discreetly execute its payload within legitimate processes, enhancing its stealth capabilities. Once executed, STOP encrypts files and appends a “.msjd” extension while creating ransom notes instructing victims on payment procedures.
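The one artifact the page names that defenders can act on directly is the ".msjd" extension STOP appends to each encrypted file. The following is an added example (not code from the page or from any vendor) of a simple detection over file-system events: it flags a host where several files gain that extension within a short window, which is the mass-rename pattern an encryption run produces. The log format, host names, paths and timestamps are constructed for the example; the threshold and window are assumed tuning values, not figures from the page.

```python
"""Added example: flag hosts where many files acquire STOP's ".msjd"
extension within a short time window. The log lines and their format are
constructed for this example; in practice the events would come from an
EDR agent or Sysmon file-rename telemetry."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extension the page reports STOP appends to encrypted files.
STOP_EXTENSION = ".msjd"

# Constructed sample log: "<ISO timestamp> <host> <operation> <path>".
# ws01 shows five renames in four seconds (an encryption run); ws02 has two
# renames an hour apart (should not alert); ws03 has no .msjd activity.
SAMPLE_LOG = r"""
2024-01-01T10:00:00 ws01 RENAME C:\Users\alice\Documents\budget.xlsx.msjd
2024-01-01T10:00:01 ws01 RENAME C:\Users\alice\Documents\notes.docx.msjd
2024-01-01T10:00:02 ws01 RENAME C:\Users\alice\Pictures\holiday.jpg.msjd
2024-01-01T10:00:02 ws01 RENAME C:\Users\alice\Pictures\cat.png.msjd
2024-01-01T10:00:03 ws01 RENAME C:\Users\alice\Desktop\thesis.pdf.msjd
2024-01-01T10:00:04 ws01 CREATE C:\Users\alice\Desktop\note.txt
2024-01-01T10:05:00 ws02 RENAME C:\Users\bob\report.docx.msjd
2024-01-01T11:30:00 ws02 RENAME C:\Users\bob\old.msjd
2024-01-01T11:30:05 ws03 CREATE C:\Users\carol\draft.docx
"""


def parse_event(line):
    """Split one log line into (timestamp, host, operation, path).
    The path is the remainder of the line, so spaces in paths survive."""
    ts, host, op, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, op, path


def detect_mass_rename(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {host: (window_start, count)} for every host on which at least
    `threshold` files gained STOP_EXTENSION inside any `window`-long span.
    Only the first qualifying window per host is reported."""
    rename_times = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, op, path = parse_event(line)
        if op == "RENAME" and path.lower().endswith(STOP_EXTENSION):
            rename_times[host].append(ts)

    alerts = {}
    for host, times in rename_times.items():
        times.sort()
        recent = deque()  # timestamps inside the current sliding window
        for ts in times:
            recent.append(ts)
            # Drop events that fell out of the window ending at `ts`.
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                alerts[host] = (recent[0], len(recent))
                break
    return alerts


if __name__ == "__main__":
    for host, (start, count) in detect_mass_rename(SAMPLE_LOG).items():
        print(f"ALERT {host}: {count} files renamed to {STOP_EXTENSION} "
              f"within {start.isoformat()} + 60s")
```

The sliding window is what separates an encryption run from a user who happens to touch one such file: a single rename, or two renames an hour apart, never reaches the threshold. In production the threshold and window should be tuned against normal rename volume on the fleet, and the same logic can be keyed on any other extension a future variant appends.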
Despite its relatively low ransom demands and lack of data theft, STOP poses a significant threat due to its potential to infect a large number of users. The ransomware’s evolution into a more sophisticated threat underscores the alarming trend of cybercriminals continuously refining their tactics. As STOP continues to evolve, cybersecurity efforts must adapt to mitigate its impact and protect users from falling victim to its malicious activities.