StopCrypt ransomware just got deadlier with its new upgrade

April 4, 2024
StopCrypt Ransomware Cybercriminal Tool Ransomware Campaign Data Breach

The StopCrypt ransomware, also tracked as STOP or Djvu, has a new variant that is more evasive than its predecessors and slips past many traditional security controls.

Despite its wide distribution, StopCrypt draws far less attention than household names such as LockBit, BlackCat, and Clop. Its impact is nonetheless substantial: every successful attack leaves a trail of encrypted files and victims, most of them home users and small businesses rather than the large enterprises the headline groups target.

Unlike ransomware campaigns that earn headlines with audacious intrusions, StopCrypt takes a quieter route in. It typically arrives through malvertising and malicious websites that push adware bundles disguised as harmless software downloads, so the initial access is the victim running something they chose to install.

The StopCrypt ransomware has a new variant that executes a multi-staged attack process.

Once it is on a host, the new variant runs a multi-stage execution chain designed to evade detection at each step.

The first stage is diversionary: the ransomware loads DLLs it does not actually need and spins in long time-delay loops, which defeats sandboxes and emulators that give up after a fixed analysis window. It then resolves the Windows API functions it needs at runtime rather than importing them statically, so they do not appear in the binary's import table, allocates memory for the next stage, and collects information about the compromised host.

The next stage is process hollowing: StopCrypt starts a legitimate process, replaces its in-memory image with the ransomware payload, and resumes it, so the malicious code runs under a legitimate process name and the payload never needs to be written to disk in its final form. Because the technique works by manipulating another process's memory and control flow through ordinary API calls, it is hard to spot from process listings alone.

StopCrypt then secures its foothold. It changes the access permissions on its own files so that ordinary users cannot delete them, and it registers a scheduled task that relaunches the ransomware periodically, so it keeps running after a reboot and keeps its hold over the victim's data.

Lastly, StopCrypt drops a ransom note named "_readme.txt" beside the encrypted files, with payment instructions for recovering the data.
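The two end-stage indicators described above, a self-registered scheduled task and "_readme.txt" notes dropped across many folders, are the easiest to hunt for in endpoint telemetry. The following script is an added example, not code from the article or from any vendor report: it parses constructed Sysmon-style events (field names follow Sysmon's ProcessCreate and FileCreate events; the paths, task name and binary name are invented) and flags a `schtasks.exe /Create` launched from or pointing at a user-writable location, and any single process that writes the note into several directories. A lone `_readme.txt` is often a legitimate file shipped with software, so the note check counts distinct directories per writing process rather than matching on the name alone.

```python
"""Hunt for StopCrypt end-stage indicators in Sysmon-style logs (added example).

The telemetry below is constructed for illustration. Field names follow Sysmon's
ProcessCreate (EventID 1) and FileCreate (EventID 11) events; the user, the
staged binary path and the task name are hypothetical.
"""
import json
from collections import defaultdict

USER_PROFILE = r"C:\Users\victim"
STAGED_BINARY = USER_PROFILE + r"\AppData\Local\a1b2c3\svc.exe"  # hypothetical staged copy

# Constructed sample telemetry, one JSON object per line.
_SAMPLE_EVENTS = [
    # Persistence: the staged binary registers a task that relaunches it.
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": f'schtasks.exe /Create /SC MINUTE /MO 5 /TN "UpdateCheck" /TR "{STAGED_BINARY}"',
     "ParentImage": STAGED_BINARY},
    # Benign: a system service only queries an existing task.
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /Query /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"',
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    # Ransom notes dropped into several user folders by the same process.
    {"EventID": 11, "Image": STAGED_BINARY, "TargetFilename": USER_PROFILE + r"\Documents\_readme.txt"},
    {"EventID": 11, "Image": STAGED_BINARY, "TargetFilename": USER_PROFILE + r"\Pictures\_readme.txt"},
    {"EventID": 11, "Image": STAGED_BINARY, "TargetFilename": USER_PROFILE + r"\Desktop\_readme.txt"},
    # Benign: an installer ships a single file that happens to share the name.
    {"EventID": 11, "Image": r"C:\Windows\Temp\setup.exe",
     "TargetFilename": r"C:\Program Files\SomeTool\_readme.txt"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _SAMPLE_EVENTS)

# Locations a legitimate scheduled-task creator or target rarely lives in.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_events(log_text):
    """Parse newline-delimited JSON, skipping blank or malformed lines instead of aborting."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def suspicious_task_creations(events):
    """schtasks.exe /Create where the parent process or the task target is in a user-writable path."""
    hits = []
    for e in events:
        if e.get("EventID") != 1:
            continue
        if not e.get("Image", "").lower().endswith("\\schtasks.exe"):
            continue
        cmd = e.get("CommandLine", "").lower()
        if "/create" not in cmd:
            continue
        parent = e.get("ParentImage", "").lower()
        if any(m in parent or m in cmd for m in USER_WRITABLE_MARKERS):
            hits.append(e)
    return hits


def ransom_note_writers(events, note_name="_readme.txt", min_dirs=3):
    """Map each process that created note_name in at least min_dirs distinct directories to those directories."""
    dirs_by_image = defaultdict(set)
    for e in events:
        if e.get("EventID") != 11:
            continue
        directory, _, name = e.get("TargetFilename", "").rpartition("\\")
        if name.lower() == note_name:
            dirs_by_image[e.get("Image", "")].add(directory.lower())
    return {img: sorted(d) for img, d in dirs_by_image.items() if len(d) >= min_dirs}


def hunt(log_text):
    """Run both detections over a log and return the findings."""
    events = parse_events(log_text)
    return {
        "task_creations": suspicious_task_creations(events),
        "note_writers": ransom_note_writers(events),
    }


if __name__ == "__main__":
    result = hunt(SAMPLE_LOG)
    for e in result["task_creations"]:
        print("scheduled task created from user-writable path:", e["CommandLine"])
    for img, dirs in result["note_writers"].items():
        print(f"{img} dropped _readme.txt in {len(dirs)} directories: {dirs}")
```

On real telemetry, add a time window to the note check (the notes land within minutes of each other during encryption) and feed the flagged `Image` straight into a containment step, since by the time the notes appear the files in those directories are already encrypted.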

The upgrade makes StopCrypt stealthier and a more effective tool for the actors who distribute it. Its ransom demands are smaller than those of the big-name operations, but the breadth of its disruption shows that organisations of every size, and individual users, need defences that do not rely on signature matching alone.

As adversaries adapt and refine their tactics, the work of protecting digital assets continues. Experts advise organisations and individuals to remain vigilant against ransomware operations, which in StopCrypt's case means avoiding software bundles from untrusted sites, keeping offline backups, and watching for the persistence artefacts described above.
