Zepto ransomware, a new version of Locky

Starting on September 5th, a new Locky variation appeared on the internet, it is called Zepto ransomware and it has a lot of similarities with Locky. But this particular version has an embedded RSA key in it, it means that Zepto virus doesn’t need the internet connection with Command and control servers to make the encryption of your files.

Just like Locky, Zepto ransomware is spreading as email attachments with a ZIP archive that contains malicious files. According to our reports, these are HTA files that are executing right after a user opens them. There were also reports that archived files were not HTA, but JavaScript files. Interesting thing about that, is that your system won’t be able to execute these scripts, which indicates that this an impropern file name.

All encrypted files will be renamed, this ransomware adds .zepto extension to the end of the name(for example, virus.jpg will be renamed to virus.jpg.zepto). Here is full list of file extension that will be encrypted:

.ARC, .CSV, .DOC, .DOT, .MYD, .MYI, .NEF, .PAQ, .PPT, .RTF, .SQLITE3, .SQLITEDB, .XLS, .aes, .apk, .asc, .asf, .asm, .asp, .asset, .avi, .bak, .bat, .bik, .bmp, .brd, .bsa, .cgm, .class, .cmd, .cpp, .crt, .csr, .d3dbsp, .das, .dbf, .dch, .dif, .dip, .djv, .djvu, .docb, .docm, .docx, .dotm, .dotx, .fla, .flv, .forge, .frm, .gif, .gpg, .hwp, .ibd, .iwi, .jar, .java, .jpeg, .jpg, .key, .lay, .lay6, .lbf, .ldf, .litemod, .litesql, .ltx, .max, .mdb, .mdf, .mid, .mkv, .mml, .mov, .mpeg, .mpg, .ms11 (Security copy), .odb, .odg, .odp, .ods, .odt, .onetoc2, .otg, .otp, .ots, .ott, .pas, .pdf, .pem, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .pptm, .pptx, .psd, .pst, .qcow2, .rar, .raw, .sav, .sch, .sldm, .sldx, .slk, .sql, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tar.bz2, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .upk, .vbs, .vdi, .vmdk, .vmx, .vob, .wallet, .wav, .wks, .wma, .wmv, .xlc, .xlm, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .zip

After this virus finishes the encryption, it will create a demand message files: %Desktop%\[random]_HELP_instructions.html, %Desktop%\_HELP_instructions.html, %Desktop%\_HELP_instructions.bmp.
Here is an example of this note:

Zepto ransomware

How to prevent Zepto infection and other ransomware viruses:

The best way to protect your computer from infection is to avoid this infection at any cost. We are glad to announce that our anti-ransomware product is now ready for a beta release! GridinSoft Anti-Ransomware beta was developed to protect your computer from cyptoviruses. Try this program, it may save your computer from possible future infection. Help us make GridinSoft Anti-Ransomware better by leaving your feedback! To install this program follow next steps:

Download GridinSoft Anti-Ransomware

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.