In December 2018, a new ransomware called Djvu, which could be a variant of STOP, was released that has been heavily promoted through crack downloads and adware bundles. Originally, this ransomware would append a variation of the .djvu string as an extension to encrypted files, but a recent variant has switched to the .tro extension.
When first released, it was not known how the ransomware was being distributed and a sample of the main installer could not be found. When discussing the infection with the numerous victims who reported it in our forums and elsewhere, a common theme was noted; most of the victims stated that they became infected after downloading a software crack.
This campaign has been very successful, with ID-Ransomware reporting numerous victims submitting files to their system on a daily basis.