Beware the latest ransomware virus: Zepto

“Zepto” – sounds like a kids TV character or a small hatchback car doesn’t it?

Well, I’m sorry to say Zepto isn’t going to help transport your groceries home. And it certainly won’t keep the kids happy.

Zepto is a new type of Ransomware which first appeared on the IT scene around a month ago. Unfortunately it’s becoming vastly apparent that it’s a new and improved version of the old ‘Locky’ Ransomware.

This type of ransomware relentlessly targets people across the world and is designed to infect any Microsoft Windows operating system. If you are unsure of what Ransomware is take a look at my blog ‘Ransomware: Why does this cyber threat keep growing?’

In a nutshell, this type of virus finds its way onto your system (mainly via an email attachment) and once you’ve clicked ‘open’ the virus spreads its way through all of your files and encrypts them with an asymmetric encryption algorithm. This essentially denies you access to your precious files until you adhere to their terms…i.e paying them a ransom in the form of BitCoins.

For the techies out there, this particular piece of ransomware uses RSA-2028 and AES-128 encryption – so it’s safe to say that the vast majority of us won’t be able to get back into the files by breaking the encryption.

As I’ve said previously, we never recommend giving into Ransomware demands as this is likely to leave you out of pocket as well as being red faced when you realise you still haven’t got your files back. I’m actually yet to discover anyone that has paid up and been given the access to their files as a result. Plus it fuels the hackers to carry out more attacks on more businesses.

A well supported company should always have backups of your data and this would always be the recommended way of restoring access to your data.

You can see this in action in the video below from our recent futuretech event, when our disaster recovery partners Datto demonstrated what happens when Ransomware takes hold:

In the face of viruses like Zepto, it’s incredibly important to educate your users as to the potentially destructive nature of them. To help you out, here’s some basic tips:

1) Know what to look for

Zepto typically arrives via email in a very predictable email body which you can see below. The email itself is harmless, however the zipped attachment is where the problem lies.

We are finding that it will either contain an Executable file (.exe) or a Macro Enabled Word document (.docm). The zip file itself can often hide its contents from your anti-spam systems, hence why are we seeing so many get through. The fact that Word files can hide such a notorious virus shows the power of Macros and how they can be built to cause disruption if required.

So, please keep your staff aware of the dangers of unsolicited emails, especially from unknown senders containing attachments – and especially those that look similar to the above example.

2) Use good back-up technologies

There are plenty available to any sized business to ensure that all of your data is backed up, whether it be onto external media such as tapes or complete off site backups – this is critical if you ever find yourself trying to recover data lost by Ransomware. Having a back-up strategy is crucial, so please talk to TSG if you feel you need to have a review of yours.

3) Seek out good Anti-Virus and Anti-Spam products

It’s only taken a few months for this new type of Ransomware to break onto the scene, but a good anti-virus and anti-spam product will be able to protect you more effectively – companies like Sophos tend to find out about these nasties before the general public do, and they often train their products to quarantine or delete anything that matches the signature of a virus they have enlisted on their virus databases.

If you are unfortunate enough to have Zepto infect your network, then a good anti-virus is important to help remove any sign of infection before you think about restoring your data.

If you have any concerns about how your business might cope against a potential IT security threat like Zepto, please give us a call and one of our security experts will be glad to speak with you.