STOP ransomware has been spread through cracking software like KMSPico, Cubase, Photoshop, and antivirus software

There are not many reports about Stop ransomware. It is mainly spread through cracking software, advertising software packages, and shady sites. Ryuk, GandCrab, and Sodinkibi, etc. are widely concerned by the media because they need to pay huge ransoms and can stop the normal operation of enterprises and governments.

Based on Michael Gillespie’s ID Ransomware report, the most active ransomware in the past year is the STOP Ransomware submissions. Ransomware Identification Service ID Ransomware receives approximately 2,500 ransomware submissions per day, of which 60-70% are STOP ransomware submissions. This number of submissions exceeds the other ransomware that users submit to the service when they seek help.

In order to distribute STOP, ransomware developers have been bundled with shady sites and adware. These sites promote some cracked software programs but actually include an advertising program that installs unwanted software and malware on the user’s computer. One of the programs installed through these bundles is STOP Ransomware.

At present, STOP ransomware which embedded on cracking software has been found, including KMSPico, Cubase, Photoshop, and even anti-virus software. Not only that, but these sites also offer some free software downloads, as well as an adware bundle that installs ransomware. Some of these variants also bundled the Azorult password-stealing Trojan with ransomware.

Source: bleepingcomputer