The STOP/Djvu Ransomware family continues to expand by introducing another variant called EYRV Ransomware. EYRV Ransomware received its name based on the ‘.EYRV’ suffix that it appends to affected files.
This ransomware strain works identically to the other STOP/Djvu Ransomware family members. It spreads mostly via spam emails, phishing messages, social engineering, and compromised websites.
Users typically download EYRV Ransomware by accident and then discover that their files have been encrypted and can no longer be opened. As previously mentioned, the affected files are appended with the ‘.EYRV’ file extension, and victims will find the ‘_readme.text’ ransom note on their desktop. The hackers behind EYRV Ransomware request $980 for file decryption, but they are willing to lower that price to $490 in return for payment within 72 hours.
The hackers also provide victims with two contact email addresses, helpteam@mail.ch and helpmanager@airmail.cc. Victims are instructed to send one file for free decryption as proof that the ransomware operators can unlock the victims’ files after receiving payment.
As always, we strongly recommend that victims do not communicate with the hackers. Infected users should refrain from paying any ransom, as paying does not guarantee that victims will receive a decryption tool.
Surviving an EYRV Ransomware Attack
In general, we strongly recommend users keep backups of their valuable files on removable storage devices or on a cloud storage service to mitigate the troubling consequences caused by ransomware infections. But if you should find yourself infected by EYRV Ransomware, we recommend that you use a reputable anti-malware tool to scan for and remove the elements related to this nasty infection.
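Before restoring from backup, it helps to know how far the encryption reached and roughly when it started. The read-only script below is an added example, not part of the original article: it inventories the two indicators described above (the ‘.EYRV’ suffix and the ‘_readme.text’ note). The function name `triage`, the case-insensitive matching, and the use of file modification times as a proxy for encryption time are assumptions.

```python
import json
import os
import sys
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".eyrv"    # suffix named in the article; matched case-insensitively (assumption)
RANSOM_NOTE = "_readme.text"  # ransom note file name as given in the article


def triage(root):
    """Walk `root` and summarise EYRV indicators. Nothing is modified or deleted."""
    per_dir = Counter()   # directory -> number of encrypted files found there
    notes = []            # full paths of ransom notes
    earliest = None       # oldest mtime seen on an encrypted file
    # onerror swallows unreadable directories so one ACL failure does not stop the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                per_dir[dirpath] += 1
                try:
                    mtime = os.lstat(path).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; still counted above
                if earliest is None or mtime < earliest:
                    earliest = mtime
    return {
        "encrypted_total": sum(per_dir.values()),
        "encrypted_by_dir": dict(per_dir),
        "ransom_notes": sorted(notes),
        # Heuristic (assumption): the oldest encrypted file approximates when encryption began
        "earliest_encrypted_utc": (
            datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
            if earliest is not None else None
        ),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(triage(target), indent=2))
```

Run it against a mounted copy of the affected disk where possible, and choose a backup taken before the reported `earliest_encrypted_utc`.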