Starting on September 5th, a new Locky variant appeared on the internet. It is called Zepto ransomware, and it has a lot of similarities with Locky. This particular version, however, has an embedded RSA key, which means that the Zepto virus doesn't need an internet connection to its command-and-control servers to encrypt your files.
All encrypted files are renamed: this ransomware adds the .zepto extension to the end of the name (for example, virus.jpg will be renamed to virus.jpg.zepto). Here is the full list of file extensions that will be encrypted:
.ARC, .CSV, .DOC, .DOT, .MYD, .MYI, .NEF, .PAQ, .PPT, .RTF, .SQLITE3, .SQLITEDB, .XLS, .aes, .apk, .asc, .asf, .asm, .asp, .asset, .avi, .bak, .bat, .bik, .bmp, .brd, .bsa, .cgm, .class, .cmd, .cpp, .crt, .csr, .d3dbsp, .das, .dbf, .dch, .dif, .dip, .djv, .djvu, .docb, .docm, .docx, .dotm, .dotx, .fla, .flv, .forge, .frm, .gif, .gpg, .hwp, .ibd, .iwi, .jar, .java, .jpeg, .jpg, .key, .lay, .lay6, .lbf, .ldf, .litemod, .litesql, .ltx, .max, .mdb, .mdf, .mid, .mkv, .mml, .mov, .mpeg, .mpg, .ms11 (Security copy), .odb, .odg, .odp, .ods, .odt, .onetoc2, .otg, .otp, .ots, .ott, .pas, .pdf, .pem, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .pptm, .pptx, .psd, .pst, .qcow2, .rar, .raw, .sav, .sch, .sldm, .sldx, .slk, .sql, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tar.bz2, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .upk, .vbs, .vdi, .vmdk, .vmx, .vob, .wallet, .wav, .wks, .wma, .wmv, .xlc, .xlm, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .zip
After the virus finishes the encryption, it creates ransom demand files: %Desktop%\[random]_HELP_instructions.html, %Desktop%\_HELP_instructions.html, %Desktop%\_HELP_instructions.bmp.
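The two indicators described above (the appended .zepto extension and the _HELP_instructions note files) can be swept for on a disk or a mounted backup. The following Python is an added example, not part of the original article or of any vendor tool; the function names and the sample file names in demo() are constructed for illustration.

```python
import os
import re
import tempfile

# Indicators from the article: the appended ".zepto" extension and ransom notes
# named "[random]_HELP_instructions.html" or "_HELP_instructions.{html,bmp}".
NOTE_RE = re.compile(r"_HELP_instructions\.(html|bmp)$", re.IGNORECASE)
SUFFIX = ".zepto"


def classify(filename):
    """Return 'note', 'encrypted' or None for a single file name."""
    if NOTE_RE.search(filename):
        return "note"
    if filename.lower().endswith(SUFFIX) and len(filename) > len(SUFFIX):
        return "encrypted"
    return None


def scan(root):
    """Walk root and collect the paths that match either indicator."""
    hits = {"note": [], "encrypted": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                hits[kind].append(os.path.join(dirpath, name))
    return hits


def demo():
    """Scan a constructed sample tree; returns (note names, pre-rename names)."""
    with tempfile.TemporaryDirectory() as root:
        desktop = os.path.join(root, "Desktop")
        os.makedirs(desktop)
        for name in ("virus.jpg.zepto", "report.docx", "_HELP_instructions.html",
                     "7_HELP_instructions.html", "_HELP_instructions.bmp"):
            open(os.path.join(desktop, name), "w").close()
        hits = scan(root)
        notes = sorted(os.path.basename(p) for p in hits["note"])
        originals = [os.path.basename(p)[:-len(SUFFIX)] for p in hits["encrypted"]]
        return notes, originals


if __name__ == "__main__":
    print(demo())
```

To check a real location, call scan() with the path of a user profile or backup volume; any entry under "note" or "encrypted" means the machine or share should be isolated and investigated.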
Here is an example of this note:
How to prevent Zepto infection and other ransomware viruses:
The best way to protect your computer is to avoid this infection at any cost. We are glad to announce that our anti-ransomware product is now ready for a beta release! GridinSoft Anti-Ransomware beta was developed to protect your computer from cryptoviruses. Try this program; it may save your computer from a possible future infection. Help us make GridinSoft Anti-Ransomware better by leaving your feedback! To install this program, follow these steps:
- Download GridinSoft Anti-Ransomware.
- Follow the installation instructions.
- Open the program and enable the protection.