New Variant of Zepto Ransomware Detected in the Wild


We have come across a new variant of the Zepto ransomware family. It is spreading rampantly through malspam (malicious spam) and other vectors such as exploit kits. The new variant has a few minor changes; the most apparent one is a change in the payload file type. The payload, which was earlier an executable file (.exe), is now a dynamic link library (.dll). The use of DLL files was previously seen in CryptXXX ransomware variants, which were spread through Angler and Neutrino exploit kits later on.

Download PDF for the technical analysis of the malware

Prevention and Protection
The best defense against ransomware is preventing the infection in the first place. Here are some simple but effective security measures users must follow to prevent the infection or the need to pay the ransom:

1. Back up your files on a regular basis. Ransomware goes after your files when it infects your computer. If you have a backup of all your important files, there is no reason why you should give in to the ransomware’s demands. Remember to disconnect from the Internet while you are backing up to an external hard drive. Unplug the drive before you go online again. Several free and paid Cloud backup services are available in the market that can take data backups periodically.

2. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.

3. Don’t respond to pop-up notifications or alerts while visiting unfamiliar websites.

4. Apply all recommended security updates to your OS, software, and Internet browsers, if you have not already done so.

5. Install antivirus software on your computer that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

Subject Matter Expert – Lishoy Mathew

Quick Heal Security Labs





  1. Anirban Dutta, August 30, 2016 at 7:06 PM

    Thank you for your information. Please give us the names of some free & paid cloud backup service websites. Thanks.

  2. Bharat Devhare, September 13, 2016 at 5:25 PM

    Here I have a problem with .zepto files, which is virus-like activity, and so many of my files in pdf and .xls format get converted to the .zepto extension… What is the solution for that? I have Quickheal TS antivirus but that is of no use either… Please send the solution…
    Bharat Devhare…

  3. Very nice advice to me