Security News > 2024 > March > StopCrypt: Most widely distributed ransomware evolves to evade detection
A new variant of StopCrypt ransomware was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools.
StopCrypt, also known as STOP Djvu, is the most widely distributed ransomware in existence that you rarely hear about.
While you constantly hear how big some ransomware operations are, such as LockBit, BlackCat, and Clop, you rarely hear security researchers discussing STOP. That is because this ransomware operation does not typically target businesses but rather consumers, hoping to generate tens of thousands small $400 to $1,000 ransom payments instead of one large multi-million-dollar demand.
The ransomware is commonly distributed via malvertising and shady sites distributing adware bundles disguised as free software, game cheats and software cracks.
This leads infected users to desperately reach out to security researchers, ransomware experts, and our 807-page STOP ransomware forum topic to try and receive help.
SonicWall's threat research team has uncovered a new variant of the STOP ransomware in the wild that now utilizes a multi-stage execution mechanism.