Quick Heal Security Labs

New Variant of Zepto Ransomware Detected in the Wild

August 30, 2016

We have come across a new variant of the Zepto ransomware family. It is spreading rampantly through malspam (malicious spam) and other vectors such as exploit kits. The new variant has a few minor changes; the most apparent one is a change in the payload file type. The payload, which was earlier an executable file (.exe), is now a dynamic link library (.dll). DLL payloads were previously seen in CryptXXX ransomware variants, which were later spread through the Angler and Neutrino exploit kits.

Download PDF for the technical analysis of the malware

Prevention and Protection
The best defense against ransomware is to prevent the infection in the first place. Here are some simple but effective security measures users must follow to prevent the infection or the need to pay the ransom:

1. Back up your files on a regular basis. Ransomware goes after your files when it infects your computer. If you have a backup of all your important files, there is no reason why you should give in to the ransomware’s demands. Remember to disconnect from the Internet while you are backing up to an external hard drive. Unplug the drive before you go online again. Several free and paid cloud backup services are available in the market that can back up data periodically.

2. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.

3. Don’t respond to pop-up notifications or alerts while visiting unfamiliar websites.

4. Apply all recommended security updates to your OS, software, and Internet browsers, if you have not already done so.

5. Have antivirus software installed on your computer that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

Acknowledgement
Subject Matter Expert – Lishoy Mathew


4 Comments


  1. Anirban Dutta, August 30, 2016 at 7:06 PM

    Thank you for your information. Please give us the names of some free & paid cloud backup service websites. Thanks.

  2. Bharat Devhare, September 13, 2016 at 5:25 PM

    Here I have a problem with .zepto files, which is virus-like activity, and so many of my files in .pdf and .xls format got converted to the .zepto extension… What is the solution for that? I have Quickheal TS antivirus but that is of no use either… Please send the solution…
    Thanks..
    Bharat Devhare…

  3. very nice advice to me
