Use Removable Devices Carefully! ZCryptor Ransomware May Harm Your System!

Ransomware attacks have grown very fast over the past year. Hackers are targeting users with different types of ransomware such as Samas, Petya and Locky (for Windows), Linux.Encoder (for Linux), LockDroid (for Android) and KeyRanger (for Mac OS X). According to Microsoft security researchers, cyber crooks are now using a new type of ransomware to target users, named ZCryptor. This ransomware can infect removable devices, and these removable devices can then encrypt the data of the systems they are connected to. Hackers are using several methods to spread it: malicious files sent through spam emails, fake installer requests and malicious voice emails.

How does it work?

ZCryptor is a hard-coded ransomware. It can hide itself behind the important program files of the system. It drops a file named “autorun.inf” in the file system of removable devices. This “autorun.inf” is a malicious file that could infect every system these drives are plugged into. It could also infect network devices. Win32/ZCryptor.A may change its functionality and attributes by dropping some malicious files in File Explorer. The ransomware targets systems running the Windows 7, Windows 8 and Windows XP operating systems. ZCryptor can also create a registry entry for itself so that it can infect removable devices at boot time.

Files Used by ZCryptor Ransomware

zycrypt.lnk (in the Startup Folder)

{Drive}:\system.exe (Hidden File)

%appdata%\zcrypt.exe (Hidden File)

Fingerprints of ZCryptor Ransomware

This ransomware infects program files and changes their extension to ".zcrypt". It is a very smart ransomware because it also creates a zcrypt1.0 mutex on devices so that it can recognize them in the future. It uses command and control servers to send information. The authors of this ransomware are professional hackers, which is why the server files were disabled when researchers scanned the server. The hackers demand 1.2 Bitcoins from victims for the decryption key. If the victim does not make this transaction within four days, the price of the decryption key may go up to 4 Bitcoins.
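
The file names and the ".zcrypt" extension listed above can be turned into a quick triage check for a removable drive and a user's %appdata% folder. The script below is an added example, not code from Microsoft or from the original article. The artifact names come from this page, while the function names, the sample directory tree and the sample "autorun.inf" contents are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

DRIVE_ARTIFACTS = ("autorun.inf", "system.exe")  # names listed on this page
APPDATA_ARTIFACT = "zcrypt.exe"                  # name listed on this page
ENCRYPTED_SUFFIX = ".zcrypt"                     # extension given on this page

def autorun_targets(inf_path):
    """Return the commands an autorun.inf asks Windows to run."""
    raw = Path(inf_path).read_bytes()
    text = raw.decode("utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")
    targets, in_section = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("open", "shellexecute") or key.lower().endswith("\\command"):
                targets.append(value)
    return targets

def scan(drive_root, appdata_dir):
    """Return (kind, detail) findings for one drive root and one %appdata% folder."""
    findings = []
    for entry in sorted(Path(drive_root).iterdir()):
        if entry.is_file() and entry.name.lower() in DRIVE_ARTIFACTS:
            findings.append(("drive-artifact", entry.name))
            if entry.name.lower() == "autorun.inf":
                findings += [("autorun-launches", t) for t in autorun_targets(entry)]
    for _dirpath, _dirs, files in os.walk(drive_root):
        findings += [("encrypted-file", f) for f in sorted(files)
                     if f.lower().endswith(ENCRYPTED_SUFFIX)]
    if (Path(appdata_dir) / APPDATA_ARTIFACT).is_file():
        findings.append(("appdata-artifact", APPDATA_ARTIFACT))
    return findings

def demo():
    """Scan a constructed sample tree (harmless placeholder files, not real samples)."""
    with tempfile.TemporaryDirectory() as tmp:
        drive, appdata = Path(tmp, "drive"), Path(tmp, "appdata")
        (drive / "docs").mkdir(parents=True)
        appdata.mkdir()
        (drive / "autorun.inf").write_text("[autorun]\nopen=system.exe\n")  # constructed
        for p in (drive / "system.exe", drive / "docs" / "report.docx.zcrypt",
                  appdata / "zcrypt.exe"):
            p.write_bytes(b"placeholder")
        return scan(drive, appdata)

if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind:18} {detail}")
```

A legitimate "autorun.inf" or "system.exe" can exist on a drive, so treat a hit as a reason to inspect the drive on an isolated machine, not as a verdict.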