November 7th, 2016
What do you get when you cross ransomware with a virus? Zcrypt. It’s a new and dangerous ransomware/virus hybrid that combines the damage a ransomware attack can do to your privacy with an old twist on new methods.
What is Zcrypt?
Viruses are no laughing matter and neither is ransomware. Put them together and it’s a recipe for disaster. You are probably familiar with the way a typical attack goes – someone gets an email with an infected link or attachment, or they fail to patch or update their operating system. Then boom – their files are encrypted. In order to get the files back, the victim needs to pay their attacker the specified amount, usually somewhere between 1-2 bitcoins or $450-950. Then, hopefully they will get their (unencrypted) files back.
Not your Typical Ransomware
Zcrypt was discovered by ZoneAlarm’s parent company, Check Point Software Technologies, and in some ways it seems like a typical ransomware variant. The payload is delivered through infected links in emails; it encrypts files and demands payment in order to decrypt them. However, this is where the similarities end.
The creators of Zcrypt are very savvy and don’t want to create a variant that would be easily detected by the regular anti-malware programs available. Zcrypt spreads its ransomware via infected email links and phishing attempts, but it also delivers a self-propagating virus that infects computers by way of USB drives. When an infected USB drive is plugged into a computer or other device, it automatically activates a file called “invoice.exe” which, similar to a virus, begins to encrypt files as soon as it’s opened. According to Tamara Leiderfarb at Check Point, this virus-like auto-run method was around a few years ago but has since fallen out of use because it’s a relatively slow-working tactic. Zcrypt also uses other methods to evade detection that have not been seen recently. Since these methods are out of use, newer anti-malware technologies are not designed to detect them, which makes the older methods stronger again.
Don’t get too comfy and think that Zcrypt is any less dangerous just because it’s using older attack methods. The creators really want to ensure there is no way to recover files without paying them, so they overwrite files twice – once by corrupting the files and then again by encrypting them. They also monitor any new files that might be created and encrypt them too!
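A defender-side check for the USB auto-run behaviour described above, as an added example that is not from the original post or from Check Point. It assumes the auto-run method is the Windows `autorun.inf` mechanism and inspects a mounted volume's root without executing anything on it; the function names and the sample volume are constructed for illustration, and `invoice.exe` is the file name the post gives.

```python
import tempfile
from pathlib import Path

# Extensions Windows treats as directly runnable (illustrative list, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk"}

def parse_autorun(text):
    """Return {key: value} from the [autorun] section; keys are lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_volume(root):
    """Inspect a mounted volume's root directory; nothing on it is executed."""
    root, findings = Path(root), []
    files = sorted(p for p in root.iterdir() if p.is_file())
    for inf in (p for p in files if p.name.lower() == "autorun.inf"):
        raw = inf.read_bytes()
        utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
        text = raw.decode("utf-16" if utf16 else "utf-8-sig", errors="replace")
        for key, value in parse_autorun(text).items():
            # open= and shellexecute= name the program; shell\<verb>\command adds menu entries.
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                findings.append(f"autorun launch entry: {key}={value}")
    for p in files:
        if p.suffix.lower() in EXEC_EXTS:
            findings.append(f"executable in volume root: {p.name}")
    return findings

def build_sample_volume(directory, infected):
    """Create a constructed test volume; the 'executable' is an empty placeholder file."""
    directory = Path(directory)
    (directory / "report.txt").write_text("quarterly numbers\n")
    if infected:
        (directory / "AUTORUN.INF").write_text("; constructed sample\n[AutoRun]\nopen=invoice.exe\n")
        (directory / "invoice.exe").write_bytes(b"")
    return directory

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in audit_volume(build_sample_volume(tmp, infected=True)):
            print(line)
```

Run `audit_volume` against the mount point of a drive that is attached with auto-run disabled or mounted on a separate triage machine; an empty list means neither an `autorun.inf` launch entry nor a root-level executable was found.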
5 Tips to Avoid Zcrypt
As always there are some steps you can take to keep yourself safe from Zcrypt and all other ransomware variants too:
- Stay away from all suspicious emails that contain attachments and/or links.
- Never plug random USB drives into your devices since they might harbor Zcrypt or some other malware.
- Patch and update your operating system and software as you are instructed to.
- Make multiple backups of your files, storing one copy with a cloud-based backup service and the other on your local hard drive for enhanced security.
- Run a reliable and proven antivirus and anti-malware product like ZoneAlarm Antivirus that will protect you from both old and new threats.
Do not underestimate hackers or the dangers of Zcrypt. Luckily, there haven’t been too many known cases observed as of yet, but it pays to be extra vigilant where your digital security is concerned. Be sure to utilize our tips and back up your files, so you’ll never have to give in to hackers or Zcrypt!