Zatrov Ransomware
The Zatrov Ransomware is a file-locking Trojan that uses encryption for keeping your media from opening. Its attacks will affect documents and other, widespread formats for both business and recreational purposes, and include deleting local, Windows backups. Users should have non-local backups secured to other devices and use anti-malware products as needed for removing the Zatrov Ransomware from their computers.
Ransomware-as-a-Service: the Busy Bees of the Extortion
The STOP Ransomware's family is maintaining a position at the forefront of the crowded and competitive RaaS industry by dint of attentive maintenance and updates. New releases from the family, bearing different extensions for their criminal clients, provide fresh dangers to users without backups of their work. Out of the youngest samples, the Zatrov Ransomware has the latest version number, 1.39, although this fact is standing on ground that's quickly-shifting.
The Zatrov Ransomware, whose etymology may derive from Eastern European roots such as Bulgarian or Russian, is capable of blocking files by using an encryption-based feature for converting media into non-opening formats. The attack can impact the user's documents, pictures, and other digital media, and includes appending a 'zatrov' extension as a signature. Less obviously than that, it also issues a command that wipes the Shadow Volume Copies, which malware experts see occurring in most file-locking Trojans.
The Zatrov Ransomware's family includes an additional element of color that's not present in competing ones: a dynamic, C&C-based encryption layer. However, this feature isn't always available; Internet connectivity problems or interference from users can block the Command & Control contact and force the Zatrov Ransomware into using a default key. Doing so is the best hope that victims have of recovering their files without a backup or paying the ransom, and criminals may not reciprocate with a decryptor.
Taking Data Lockdowns Out of Your Future
The STOP Ransomware family is, currently, trending towards using torrents and fake downloads for software and media as its infection vector of preference. Users can avoid illicit downloads and scan new files before opening them for their protection. Such evasive measures can protect their data, not just from the Zatrov Ransomware, but from its countless relatives. Family members range from the Davda Ransomware, the Stone Ransomware, the Prandel Ransomware, the Boston Ransomware, the codnat1 Ransomware, and others.
Geographically, the Zatrov Ransomware is most likely of compromising victims in Asia, including Thailand, the Philippines, India and Indonesia. Users believing themselves at any risk should keep their digital valuables backed up to other devices, including removable ones or a cloud server. The Shadow Volume Copies are, usually, not available post-infection by a member of STOP Ransomware (or Djvu Ransomware, as the family also is known).
The presence of anti-malware tools remains a reliable means of shutting down these threats. Most vendors' products should block or delete the Zatrov Ransomware on sight.
The ease of destroying a threat like the Zatrov Ransomware is matched by how it, just as readily, can demolish your digital media. Depending on post-attack healing and recovery is a non-ideal response to an infection that most users should stop from happening, at all.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.