Ransomware attackers are using double extortion and a fake decryptor tool to increase the potential damage for victims, warned the Hong Kong Computer Emergency Response Team. The double extortion comes from ransomware groups such as Maze and REvil (Sodinokibi), which steal data before encrypting systems and hold the data and systems for ransom. The fake STOP Djvu decryptor promises free decryption for ransomware victims but deploys Zorab ransomware instead.

More:

• Other ransomware groups employing double extortion include Clop, DoppelPaymer, Mespinoza, Nefilim, Nemty, Netwalker, RagnarLocker, Sekhmet, and Snatch.
• Security firm Emsisoft offers a legitimate free decryptor tool for the Zorab ransomware.