ZCryptor is ransomware that encrypts the files stored on a computer and uses removable devices and network drives to spread to other machines. It mainly arrives through spam emails, macro malware or fake installers. ZCryptor was first discovered by a security researcher named Jack, after which Microsoft also investigated the threat posed by the ransomware. The company issued an alert to users stating:
“We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. It leverages removable and network drives to replicate itself and infect more systems. We detect this ransomware as Ransom:Win32/ZCryptor.A.”
According to the researchers, the ransomware was initially designed to target systems running Windows XP 64-bit, but computers running the latest version of the operating system can also be infected.
How Does ZCryptor Work?
To infect a computer, ZCryptor uses common phishing techniques, such as disguising an executable as a well-known program (usually Adobe Flash Player) or hiding in macro-enabled Microsoft Office files. Once executed, the ransomware starts encrypting the files stored on the system. It creates a registry key to ensure that it runs automatically on every start-up. Next, it writes an ‘autorun.inf’ file to any removable drives so that the malware spreads to every computer those devices are later connected to. It also replicates by copying itself to network drives, and it sets file attributes on its copies to hide them from users.
ZCryptor is known to encrypt a wide range of file formats, including documents, audio, video, images, archives, databases, APKs and Java source code, and to change their extension to ‘.zcrypt’. Once all the files are encrypted, a pop-up appears on the screen asking the user to pay a ransom in exchange for the unique decryption key.
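As an added defender-side example (not code from the original article or from Microsoft), the following Python script checks a mounted drive for the two indicators described above: an autorun.inf that launches something, and files carrying the ‘.zcrypt’ extension. The function names, the sample drive it builds and the placeholder ‘update.exe’ are constructed for this demonstration and are not real indicators from the page.

```python
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".zcrypt"  # extension ZCryptor gives encrypted files

def autorun_targets(text):
    """Return launch commands from the [autorun] section of an autorun.inf
    body: the 'open'/'shellexecute' keys and any 'shell\\...\\command' verb."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                targets.append(value)
    return targets

def scan_drive(root):
    """Walk a drive root and collect both indicators: an autorun.inf that
    launches something, and files whose final extension is .zcrypt."""
    root = Path(root)
    report = {"autorun_commands": [], "zcrypt_files": []}
    autorun = root / "autorun.inf"
    if autorun.is_file():
        body = autorun.read_text(encoding="utf-8", errors="ignore")
        report["autorun_commands"] = autorun_targets(body)
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() == ENCRYPTED_EXT:
            report["zcrypt_files"].append(path.relative_to(root).as_posix())
    report["zcrypt_files"].sort()
    return report

def build_sample_drive():
    """Constructed sample: a temp directory laid out like an infected USB
    stick. 'update.exe' is a placeholder name, not a real indicator."""
    drive = Path(tempfile.mkdtemp(prefix="zcryptor_demo_"))
    (drive / "autorun.inf").write_text("[AutoRun]\nopen=update.exe\nicon=update.exe,0\n")
    (drive / "docs").mkdir()
    (drive / "docs" / "report.docx.zcrypt").write_bytes(b"\x00" * 16)
    (drive / "photo.jpg.zcrypt").write_bytes(b"\x00" * 16)
    (drive / "readme.txt").write_text("clean file, must not be flagged\n")
    return drive
```

Running `scan_drive(build_sample_drive())` reports the placeholder launch command and the two ‘.zcrypt’ files while ignoring the clean text file; point `scan_drive` at a real drive letter or mount point to check a suspect device before its contents are used.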
How To Protect Against ZCryptor?
- Keep your operating system and other software updated to stay protected against known vulnerabilities.
- Avoid visiting suspicious websites, opening unknown email attachments and downloading software from unidentified developers.
- Use reliable anti-virus software to prevent and detect malware infections.
- Disable macros in Microsoft Office.
- Keep a backup of your files on a removable media device, and keep it disconnected when not in use, to minimize the consequences of a ZCryptor attack.
- Format any infected removable drive before connecting it to another computer.
For more information about ZCryptor ransomware, you can contact Centex Technologies at (972) 375-9654.