By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Seven Steps to Recover from Scareware
    8 months ago
    Protecting Computers and Smartphones from Cryptolocker, Pletor aka Simplocker and Other Ransomware
    8 months ago
    Facebook Messenger: The New Platform to Rule Them All
    8 months ago
    Latest News
    Triangulation: Trojan for iOS | Kaspersky official blog
    19 mins ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
    19 mins ago
    Safeguards against firmware signed with stolen MSI keys
    2 days ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    2 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    How to enable DNS over HTTPS in Chrome
    8 months ago
    How to check Windows Update history on Windows 10
    8 months ago
    Windows 10 update KB5011543 (build 19044.1620) brings search highlights
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    Reduce latency and increase cache hits with Regional Tiered Cache
    Reduce latency and increase cache hits with Regional Tiered Cache
    3 hours ago
    Cloudflare is deprecating Railgun
    Cloudflare is deprecating Railgun
    3 hours ago
    What is two-factor authentication | Kaspersky official blog
    3 days ago
    Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
    5 days ago
    NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
    5 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    How to Clean the Windows Registry
    8 months ago
    How to listen to Vkontakte music without restrictions?
    8 months ago
    How to separate audio from video on iPhone?
    8 months ago
    Latest News
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    3 days ago
    How to enable Taskbar End Task option to close apps on Windows 11
    3 days ago
    How to check USB4 devices specs from Settings on Windows 11
    3 days ago
    How to enable new header UI for File Explorer on Windows 11
    1 week ago
  • Glossary
  • My Bookmarks
Reading: ZCryptor: Ransomware that spreads itself as a worm
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
AppsThreatsWordpress Threats

ZCryptor: Ransomware that spreads itself as a worm

Vitus White
Last updated: 13 October
Vitus White 4 years ago
Share
6 Min Read

Analysts and researchers agree that 2016 is the year when ransomware went really big. Cybercrooks didn’t need much time to see the potential value of cryptolockers, and they readily added ransomware to their arsenals. To give you an idea of the profitability, Cisco researchers reported in 2015 that a single Angler exploit kit brings cybercriminals profits of up to $60 million annually, or on average $5 million every month!

Contents
The rise of cryptowormsZCryptorMeans of protection

ZCryptor: Ransomware that spreads itself as a worm

The usual suspects of the modern ransomware market — Petya and his friend Mischa, as well as their distant relative, Locky — currently prey on users in more than 100 countries. Hackers recently started focusing more attention on enterprises and organizations in possession of valuable data: Lately, a number of US hospitals became victims of ransomware attacks.

The rise of cryptoworms

In their attempts to get as much money as possible, as soon as possible, cybercriminals seek ways to expand their attacks so they can further propagate their lockers. Malicious spam campaigns still work, but they are not as efficient as before; with cyberthreats getting coverage in the media, users are becoming more savvy and getting to know the most frequently used tricks.

In another important development, Web browsers and antiviruses have learned to detect and block malicious URLs or malware-laced spam. In response, hackers have gradually phased out their usual “carpet bombing” approach to malware distribution. Increasingly, they are turning to methods used long ago in the most widespread and efficient campaigns: good ol’ worms.

Meet the #cryptoworm… the future of #ransomware via @zpring @threatpost https://t.co/zndtXFulGB pic.twitter.com/BYRjQG8X7j

— Kaspersky Lab (@kaspersky) April 12, 2016

Researchers predict that the next stage of ransomware development will bring cryptoworms — a poisonous hybrid of self-propagating malware and ransomware. This new type of malware takes the best of both worlds to form a new species of ransomware that can copy and distribute itself by means of infected computers, efficiently encrypting files and demanding ransom.

The first such malware was SamSam, which sneaked onto a number of enterprise networks and infected computers on the networks as well as cloud storage containing backup copies.

ZCryptor

This week, Microsoft detected a new sample of a cryptoworm, dubbed ZCryptor. It’s unique in that it both encrypts files and self-propagates to other computers and network devices without using malicious spam or an exploit kit. The malware copies itself onto connected computers and portable devices.

To infect the first victim, ZCryptor uses common techniques, masquerading as an installer of a popular program (e.g., Adobe Flash) or infiltrating the system through malicious macros in a Microsoft Office file.

#Microsoft Warns of ZCryptor #Ransomware with Self-Propagation Features https://t.co/Iuwsv8hxxl #malware pic.twitter.com/QBSMGxtSgg

— Catalin C. (@campuscodi) May 27, 2016

Once inside the system, the cryptoworm infects external drives and flash drives so it can be distributed to other computers, and then starts to encrypt files. ZCryptor can encrypt more than 80 file formats (some sources say 120 formats) by adding a .zcrypt extension to the name of the file.

After that, the story revolves around a well-known scenario: Users see an HTML page informing them that their files are encrypted and available for a ransom — in this case, 1.2 bitcoins (about $650). If the users don’t pay that sum in four days, the ransom increases to 5 bitcoins (more than $2,500).

Unfortunately, experts have not been able to find way to decrypt the files and let the affected users bypass the ransom option. That means the only reasonable option for now is to be extra cautious and avoid infection.

10 tips to protect your files from ransomware https://t.co/o0IpUU9CHb #iteducation pic.twitter.com/I47sPIiWFF

— Kaspersky Lab (@kaspersky) November 30, 2015

Means of protection

If you want to be spared a ZCryptor attack, use these simple tips:

  • Update your operating system and software regularly, closing exploitable vulnerabilities and thus preventing the cryptoworm from travelling around your network.
  • Always be on alert and avoid suspicious websites; don’t open attachments coming from a murky source. In general, respect the basic rules of digital hygiene.
  • Disable macros in Microsoft Word — they are regaining popularity among cybercrooks as a means of dropping malware.
  • Regularly back up your files and store one copy on an external drive that you then disconnect from your PC. Although backed-up files do not prevent ransomware from infecting your system they are solid protection: If you have your valuable data at hand, there’s no reason to pay ransom.
  • Of course, use reliable protection software. Kaspersky Internet Security detects ZCryptor as Trojan-Ransom.MSIL.Geograph and protects users from this threat.

Source: kaspersky.com

Translate this article

TAGGED: Malware, Microsoft, Microsoft Office, RC4, Security, Software, Split tunneling, Threat, Threats, Vulnerabilities
Vitus White October 13, 2022 September 30, 2019
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Reduce latency and increase cache hits with Regional Tiered Cache
Reduce latency and increase cache hits with Regional Tiered Cache
Apps 3 hours ago
Cloudflare is deprecating Railgun
Cloudflare is deprecating Railgun
Apps 3 hours ago
Triangulation: Trojan for iOS | Kaspersky official blog
Threats 3 hours ago
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Wordpress Threats 3 hours ago
Safeguards against firmware signed with stolen MSI keys
Threats 2 days ago

Recent Posts

  • Reduce latency and increase cache hits with Regional Tiered Cache
  • Cloudflare is deprecating Railgun
  • Triangulation: Trojan for iOS | Kaspersky official blog
  • Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
  • Safeguards against firmware signed with stolen MSI keys

You Might Also Like

Reduce latency and increase cache hits with Regional Tiered Cache
Apps

Reduce latency and increase cache hits with Regional Tiered Cache

3 hours ago
Cloudflare is deprecating Railgun
Apps

Cloudflare is deprecating Railgun

3 hours ago
Threats

Triangulation: Trojan for iOS | Kaspersky official blog

3 hours ago
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Wordpress Threats

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)

3 hours ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
How to enable Taskbar End Task option to close apps on Windows 11
How to check USB4 devices specs from Settings on Windows 11
What is two-factor authentication | Kaspersky official blog
Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
Previous Next
Hot News
Reduce latency and increase cache hits with Regional Tiered Cache
Cloudflare is deprecating Railgun
Triangulation: Trojan for iOS | Kaspersky official blog
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Safeguards against firmware signed with stolen MSI keys
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?