New Variant of Zepto Ransomware Detected in the Wild

  • 1
    Share

We have come across a new variant of the Zepto ransomware family. It is spreading rampantly through malspam (malicious spam) and other vectors such as exploit kits. The new variant has a few minor changes in it; the most apparent one is a change in the payload file type. The payload, which was earlier an executable file (.exe), is now in the form of a dynamic link library (.dll). The use of dll files was previously seen in CryptXXX ransomware variants, which were spread through Angler and Neutrino exploit kits later on.

Download PDF for  the technical analysis of the malware
PDF icon

Prevention and Protection
The best defense against ransomware is preventing its infection from happening in the first place. Here are some simple but effective security measures users must follow to prevent the infection or the need to pay the ransom:

1. Back up your files on a regular basis. A ransomware goes after your files when it infects your computer. If you have a backup of all your important files, there is no reason why you should give in to the ransomware’s demands. Remember to disconnect the Internet while you are backing up on an external hard drive. Unplug the drive before you go online again. Several free and paid Cloud backup services available in the market that can take data backup periodically.

2. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.

3. Don’t respond to pop-up notifications or alerts while visiting unfamiliar websites.

4. Apply all recommended security updates to your OS, software, and Internet browsers, if not already.

5. Have an antivirus software installed on your computer that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

Acknowledgement
Subject Matter Expert – Lishoy Mathew

Quick Heal Security Labs

Quick Heal Security Labs

Follow @

Subscribe
Notify of
guest
4 Comments
Inline Feedbacks
View all comments
Anirban Dutta
Anirban Dutta
4 years ago

Thank you for your information. Please give us some free & paid cloud backup service websites name. Thanks.

Bharat Devhare
Bharat Devhare
4 years ago

Here I have problem with .zepto file which is virus like activity and my so many files as pdf and .xls format get converted into .zepto extension …what is the solution for that .. I have Quickheal TS antivirus but no use of that also…. Please send the solution…
Thanks..
Bharat Devhare…

Rajiv Singha
4 years ago
Reply to  Bharat Devhare

Hi Bharat,

Our team will get in touch with you soon to help you out.

Regards,

jayant kale
jayant kale
4 years ago

very nice adice to me

4
0
Would love your thoughts, please comment.x
()
x