The Computer Emergency Readiness Team and Coordination Centre (CERT|CC) yesterday warned computer users to be cautious of infection by ‘Rumba’ ransomware when downloading fake Windows updates, cracks for pirated software and freeware tools, as well as when following corrupted links and torrents.
Speaking to the Daily Mirror, CERT|CC Information Security Engineer Ravindu Meegasmulla said five complaints had been received from people who had downloaded freeware video editing software and other freeware tools and updates. All versions of Windows, including Windows 7, Windows 8.1 and Windows 10, are prone to this virus attack.
It can also arrive in the guise of a fake system or programme update. It can also use spam emails that seem legitimate on the surface to deceive victims; the email may purport to be from a well-known company. The contents urge the recipient to click a link or download an attachment.
Rumba ransomware is a crypto virus that was discovered on January 19, 2019. It is a variant of the infamous Djvu virus, which belongs to the STOP ransomware family, and it uses the Advanced Encryption Standard (AES) encryption algorithm to encrypt personal files.
Mr. Meegasmulla said that after infection, personal documents, pictures, videos and databases would be encrypted and given the ‘.rumba’ file extension, and a message would be displayed saying ‘ALL YOUR FILES ARE ENCRYPTED. Don't worry, you can return all your files! All your files documents, photos, databases and other important are encrypted with the strongest encryption and unique key.’
He said the message also told victims to purchase a decrypt tool to restore the encrypted files, offering to decrypt only one file for free. The price of the private key and decrypt software was $980, with a 50% discount available if the victim contacted the cyber criminals within the first 72 hours, bringing the price to $490. “Please note that you'll never restore your data without payment. Check your e-mail “Spam” folder if you don't get an answer within 6 hours,” the message also said.
The CERT|CC had still not found a way to decrypt the files and advised the general public not to make any payments to the cyber criminals, Mr. Meegasmulla said.
He said people were advised to keep a backup copy of their personal documents and to keep their Windows operating system and anti-virus software updated.
People were also advised not to download or run software updates prompted by third-party sites and not to open suspicious e-mail attachments, he said.
If you do need to update your software, get it updated directly through the vendor’s website, he added. According to foreign media, Rumba ransomware had been spotted attacking computers in Germany, Hungary, Poland, Turkey, Chile, Thailand, Egypt, and other countries. The main distribution methods used for this version are cracks for a variety of software bundled on third-party sites, as well as fake Windows updates. (Chaturanga Samarawickrama)