Also known as: StopAbit ransomware
Category: Malware
Type: Remote access trojan
Platform: Windows
Damage potential: Data exfiltration, keylogging and screen capturing for cyber espionage, and backdoor access for further malicious activity.
Overview
Stopabit is a stealthy remote access trojan (RAT) targeting Windows systems. It hides itself from detection by using encrypted communications with command and control servers. Plus, it opens the backdoor for further malicious activity. This malware usually gets into a system through phishing campaigns or infected attachments.
Once in a computer or a network, Stopabit spies on the user, collecting sensitive data, capturing keystrokes, making screenshots, and stealing files. Its modality permits loading additional components, escalating privileges, and spreading laterally to other systems on a network. Attackers usually use Stopabit to break into corporate environments and government entities.
Possible symptoms
Detecting Stopabit malware might be difficult because it does everything to stay hidden. The most common symptom of Stopabit malware is slow computer performance. Other possible symptoms include:
- Inaccessible files that show error messages indicating corrupted or invalid files.
- Renamed files or files with unusual extensions, for example, “.stopabit.”
- Ransom notes showing as “README_STOPABIT.txt” or similar.
- Disabled security tools or altered system settings.
- Suspicious outbound network traffic, possibly related to data exfiltration.
Sources of the infection
Like similar malware, Stopabit typically infects devices through malicious attachments in phishing emails or social media messages. Unsuspecting users click on these attachments, unknowingly downloading the malware. In addition to emails and instant messages, users often download Stopabit from unreliable sources like pirated websites.
Stopabit also hides in malicious ads or compromised websites. The worst part is you don’t always need to download anything to infect your device — sometimes hackers exploit software vulnerabilities in outdated applications to infiltrate your system.
Protection
The most effective way to protect against Stopabit is to educate yourself about malware and online threats. Other countermeasures against this ransomware include:
- Regularly update your programs. One key to staying secure is understanding the importance of keeping software up to date. Update everything regularly to stay protected.
- Implement email security. Set up spam filters on your email account and block malicious attachments.
- Segment your network. Segment your critical systems so even if a hacker manages to break into one segment, they cannot move further into other parts of your network.
- Use Threat Protection Pro™. Try NordVPN with an advanced Threat Protection Pro™ feature that blocks malicious ads and suspicious sites and scans files for malware as you download them.
- Enable two-factor authentication. Set up 2FA or add another device that verifies your identity and makes it hard for hackers to access your network.
Removal
If you suspect that your computer was infected with Stopabit, immediately disconnect your device from the internet and restart it in safe mode to stop the malware from loading. Then, run a full system scan with reputable antivirus software and remove the trojan. Open the task manager to check for any suspicious or unfamiliar programs and remove them from your computer. However, if the malware persists, contact a cybersecurity professional – they’ll know how to help you.
After you make sure your system is free of malware, change the passwords for your email, social media, and financial accounts to make sure criminals can’t access your private data and funds.
