What is Rumba ransomware
Rumba is one of the newest variants of Djvu (STOP) ransomware. Most of the time users get this ransomware onto their computers after downloading software cracks. After getting into the system, Rumba encrypts most files on the computer and upends .rumba extension to them. Rumba leaves ransom notes called _openme.txt in folders with encrypted files. Rumba might also change the hosts.txt file (located in C:\Windows\System32\drivers\etc\ folder) on the infected machine: add known sites about computer security and antivirus sites to the list of domains the computer is forbidden from connecting to. Meaning: users won’t be able to access sites they need to get rid of the ransomware. Rumba might create a scheduled task to launch its encryptor at random intervals, to encrypt new files that have been created after the initial infection or files that have been restored from backup.