New Variant of Zepto Ransomware Detected in the Wild

We have come across a new variant of the Zepto ransomware family. It is spreading rampantly through malspam (malicious spam) and other vectors such as exploit kits. The new variant has a few minor changes in it; the most apparent one is a change in the payload file type. The payload, which was earlier an executable file (.exe), is now in the form of a dynamic link library (.dll). The use of dll files was previously seen in CryptXXX ransomware variants, which were spread through Angler and Neutrino exploit kits later on.

Download PDF for  the technical analysis of the malware

Prevention and Protection
The best defense against ransomware is preventing its infection from happening in the first place. Here are some simple but effective security measures users must follow to prevent the infection or the need to pay the ransom:

1. Back up your files on a regular basis. A ransomware goes after your files when it infects your computer. If you have a backup of all your important files, there is no reason why you should give in to the ransomware’s demands. Remember to disconnect the Internet while you are backing up on an external hard drive. Unplug the drive before you go online again. Several free and paid Cloud backup services available in the market that can take data backup periodically.

2. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.

3. Don’t respond to pop-up notifications or alerts while visiting unfamiliar websites.

4. Apply all recommended security updates to your OS, software, and Internet browsers, if not already.

5. Have an antivirus software installed on your computer that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

Acknowledgement
Subject Matter Expert – Lishoy Mathew