It's Here. Nasty Ransomware That Spreads Like A Worm.
Microsoft released an alert about a new ransomware strain called ZCryptor, which works like a worm and spreads via removable and network drives. The MalwareForMe blog reported this first on May 24th. Three days later, Redmond's security team decided to alert everyone about this threat.
“We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior,” Microsoft's Malware Protection Center post stated. A subsequent analysis by Trend Micro confirmed Microsoft's findings, categorizing the threat as a "worm," with self-propagation features.
ZCryptor spreads via email with malicious macro attachments and a fake Adobe Flash Player installer.
Microsoft wrote that this strain use fake installers, usually for Adobe Flash, along with macro-based booby-trapped Office files to distribute the Zcryptor ransomware. Macro-based malware uses what could be argued as "user-consent prompt fatigue," only Microsoft can come up with a term like that.
Once the user installs the fake Adobe Flash update or allows an attached Office file to run macros, the Zcryptor ransomware is installed on the user's computer. The first thing the ransomware does is to gain PC restart persistence by adding a key to the computer's registry. After this, it starts to encrypt files.
Based on samples it analyzed, Microsoft reported the ransomware was targeting 88 different file types. The security researcher MalwareHunterTeam told Softpedia that, in samples he analyzed, he saw the ransomware targeted 121 different file types, so it appears that ZCryptor's criminal developers are still working and adding new code.
ZCryptor apparently is able to copy itself to removable and network drives. The most worrying thing was Microsoft saying the ransomware has "worm-like behavior," meaning it can spread by itself to nearby targets. This type of behavior was predicted, but now it's here.
This is one of the first ransomware strains that features such a function. MalwareHunterTeam also said "that it [ZCryptor] has the codes to copy itself to removable devices." Once installed on disk and available files are encrypted, a ransom note appears demanding 1.2 bitcoins, around 500 dollars, for the decryption key. It gives the victim four days to comply and then boosts the payment to five Bitcoins.
Effective security awareness training can stop this ransomworm in its tracks. Users can easily be trained to not enable macros or install fake updates. Find out how affordable this is for your organization and be pleasantly surprised.
Computer Visions can help you protect your company. We can train you on how secure your network; or we send one of our network engineers/security experts to your business to secure your network.
Don't wait to be safe!!
If you come across interesting news that you think we should share - email firstname.lastname@example.org!
About Computer Visions
Computer Visions is a New York State, woman-owned and operated provider of computer training, specializing in the education of business professionals.
Download our Catalog
Download July - December 2018 course catalog in PDF format.
Search Our Classes
NYS E-Commerce Initiative
Computer Visions is on New York State Contract. All New York State Agencies may contract with Computer Visions up to $200,000 without a bid under the New York State Certified Minority Women-Owned Business Program