Internet Security

Get to Know More about ZCryptor: A ransomware that behaves like a worm


Ransomware takes its name from the fact that it holds your computer hostage: you cannot use it until you do what the attacker asks. Usually, ransomware bars you from using your computer until you pay money or complete a survey. Ransomware behavior varies, but usually it prevents you from accessing your computer or a certain software program on it. It can also encrypt your files so that you cannot access them. Only after you pay the ransom will you be able to access your computer and your files again. There is, however, no guarantee that you will get access back if you pay the ransom. As you can probably guess, ransomware can easily go from just being a pain in the neck to a full-blown cancer.

Ransomware is one of the most lucrative exploits by cybercriminals these days. It used to be malicious e-mails, but they are no longer as effective today because people are now wary of clicking links in e-mails that come from sources they do not trust. Moreover, Web browsers can now detect malicious URLs and spam. So, naturally, hackers are no longer getting fat paychecks from their old ways. And what’s a wily and resourceful hacker to do? Find another way to distribute malware, of course. And this is where ransomware and cryptoworms come in. Cryptoworms are malicious pieces of code that can distribute themselves, infecting the computers of unsuspecting users and spreading ransomware.

Over the past few months, several ransomware families have appeared, and one of the latest is ZCryptor ransomware, or Ransom:Win32/ZCryptor.A.


Microsoft reported that this ransomware is spread via spam e-mails, macro malware and fake installers. Simply put, it infects you when you run a fake installer of a popular program (such as Adobe Flash), or through a macro in an Office document. Once contracted, ZCryptor then infects your flash drives, external drives and other removable media. The infected removable drives can in turn infect other computers, where the ransomware can also encrypt files.

This is the first reported case of a ransomware that also exhibits the behavior of a worm that can propagate itself and infect more computers.

When you run ZCryptor, it adds itself to your startup programs, and you should see this value in your registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

zcrypt = (path of the malware)

It will also add three files to your appdata folder: cid.ztxt, private.key and public.key. When it infects removable drives, it will also create an autorun.inf file as well as a copy of the ransomware.

ZCryptor will encrypt several files on your system. Microsoft reports that it could affect more than 80 file types, including databases, photos, and documents. It will then change the file extension to .zcrypt, so that for instance, vacation.jpg will now be vacation.zcrypt.
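The artifacts described above (the zcrypt Run value, the three dropped files, autorun.inf on removable drives and the .zcrypt extension) can be checked on a host with a short read-only script. This is an added example, not code from Microsoft or from the original article; the function name Get-ZCryptorIndicator and its parameters are hypothetical, and it assumes PowerShell 3.0 or later and that "appdata folder" means %APPDATA%.

```powershell
# Added example: read-only triage for the ZCryptor artifacts listed in the article.
# Assumptions: PowerShell 3.0+; "appdata folder" is taken to mean %APPDATA%.
function Get-ZCryptorIndicator {
    [CmdletBinding()]
    param(
        [string]$AppDataPath = $env:APPDATA,      # where the three dropped files are looked for
        [string]$SearchRoot  = $env:USERPROFILE   # tree searched for renamed (*.zcrypt) files
    )

    # 1. Persistence: a value named "zcrypt" in the per-user Run key.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'zcrypt' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Indicator = 'Run key value'; Location = $runKey; Detail = $run.zcrypt }
    }

    # 2. Files dropped in the appdata folder.
    foreach ($name in 'cid.ztxt', 'private.key', 'public.key') {
        $file = Join-Path -Path $AppDataPath -ChildPath $name
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            [pscustomobject]@{ Indicator = 'Dropped file'; Location = $file; Detail = $name }
        }
    }

    # 3. autorun.inf in the root of removable drives (DriveType 2).
    #    Not conclusive by itself: some legitimate media ship an autorun.inf.
    $drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' -ErrorAction SilentlyContinue
    foreach ($drive in $drives) {
        $inf = "$($drive.DeviceID)\autorun.inf"
        if (Test-Path -LiteralPath $inf -PathType Leaf) {
            [pscustomobject]@{ Indicator = 'autorun.inf on removable drive'; Location = $inf; Detail = $drive.VolumeName }
        }
    }

    # 4. Files already renamed to the .zcrypt extension (first 20 only, to keep output short).
    Get-ChildItem -LiteralPath $SearchRoot -Filter '*.zcrypt' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object -First 20 |
        ForEach-Object {
            [pscustomobject]@{ Indicator = 'Encrypted file'; Location = $_.FullName; Detail = $_.LastWriteTime }
        }
}

# Run for the current user; an empty result means none of the listed artifacts were found.
Get-ZCryptorIndicator | Format-Table -AutoSize -Wrap
```

The Run key and appdata checks are per user, so run the script in the session of the account being examined.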

Once your files are encrypted, you will see the ransom note displayed on your computer. The ransom note will explain that your data and files have been encrypted and that there is a unique key generated to decrypt these files. It will then ask you to pay in Bitcoin, or more specifically, you must pay 1.2 Bitcoin within four days. The ransom note will also warn you that if you do not pay in four days, the ransom will increase to five Bitcoins and if you are still not able to pay within seven days, your unique key will be destroyed. And that means you will never be able to access your files again. The note further warns you against removing the program by yourself as this will mean that the decryption key will be destroyed.

Expect to see more of ZCryptor and other ransomware coming out in the next few months. After all, cybercriminals have been known to earn around $5 million just by sending out one ransomware. Cisco reported that in 2015, cybercriminals using the Angler Exploit Kit were able to target 90,000 victims daily and potentially earned $60 million in a year.

Ransomware attacks are not that uncommon, either. In March, Tricky Locky encrypted the files in two US hospitals and only unlocked them after the creators got $17,000 from their victims.

Keeping safe

If you are using a Windows XP 64-bit computer, or Windows 7 or 8, then you are vulnerable to this threat.

If you do not like the thought of losing all your files, or giving in to extortion, then you will want to keep yourself safe from infection. Kaspersky has come up with several steps that you can take to protect yourself from a ZCryptor attack, including:

  • Update Windows and your other software regularly, so that exploits and vulnerabilities are plugged. This will ensure that ZCryptor will not be able to spread around the network.
  • Avoid suspicious Web sites that may have been compromised.
  • Do not open attachments if you do not know or trust the source.
  • Disable macros in Microsoft Office, particularly in MS Word.
  • Back up all your files and store these backups on an external drive that is not always connected to your computer. Additionally, you can use cloud storage to keep a copy of your files. In case you do get infected with ZCryptor, you will not run the risk of losing your files even if you do not pay the ransom.
  • Use the latest protection software that can detect ZCryptor.

Microsoft also reports that Windows Defender is able to detect and get rid of ZCryptor. Use Windows Defender for Windows 8.1 and 10. If you are using Windows Vista or Windows 7, you can use Microsoft Security Essentials. You should also run a full Microsoft Safety Scanner scan.

Learn more about how you could protect your business from threats like ZCryptor. Four Cornerstone has IT experts that can help train your employees on the finer aspects of security, as well as help you build the IT infrastructure that can help your enterprise mitigate risks from ransomware and other malware. Contact Four Cornerstone now!

Photo courtesy of Christiaan Colen.
