Microsoft warns Windows users of 'worm-like' ransomware

By James Walker     May 31, 2016 in Technology
Microsoft has warned Windows users that a new form of ransomware in the wild is dangerous and capable of self-reproducing. It propagates itself across removable and network drives, creating copies to infect as many files and devices as possible.
As Neowin reports, Microsoft recently detailed the ransomware in a post on its Threat Research & Response blog. Known as ZCrypto, the ransomware arrives on a user's machine in a spam email. The email prompts a user to install some fake software based on a real utility such as Flash Player. ZCrypto then embeds itself into the system, ensuring it runs at startup and is hidden from the user.
The ransomware requests a payment of 1.2 bitcoins, around $500, to be sent to a specified wallet address. It provides a deadline of four days to pay up before raising the fee to 5 bitcoins. It claims to destroy the decryption key required to recover the files if the payment isn't received within seven days of the ransomware's installation.
ZCrypto targets a wide range of file types including documents, images, music and videos, code, compressed directories and some applications such as Java and Flash programs and Android apps. Once encrypted, the ransomware changes the file extension of all files to ".zcrypt" to help disguise their identity.
Microsoft warned that ZCrypto could be difficult to fully remove because it tries to replicate itself across the drives connected to an infected PC. Once installed, it places a link to its executable in all connected network drives and removable devices so it can infect more files.
Copies of the program are also created in several other places on an infected device. ZCrypto tries to hide its existence from the user by setting the "hidden" file attribute, making it invisible unless you know what you're looking for.
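As an added example (not from Microsoft's post or this article), the following Python triage scan looks for the three traces described above on a drive: files renamed to ".zcrypt", links placed at the top level of the drive, and executables carrying the "hidden" attribute. It assumes the link is a Windows shortcut (.lnk) and that the copies are .exe files, neither of which the article specifies; the sample tree is constructed.

```python
import os
import stat
import tempfile

ENCRYPTED_EXT = ".zcrypt"    # extension named in the article
LINK_EXT = ".lnk"            # assumption: the "link" is a Windows shortcut
EXECUTABLE_EXT = ".exe"      # assumption: the copies are .exe files

def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    attrs = getattr(os.lstat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def triage(root):
    """Walk `root` and collect the traces the article describes."""
    report = {"encrypted": [], "root_links": [], "hidden_executables": []}
    for dirpath, _dirs, files in os.walk(root):
        at_root = os.path.samefile(dirpath, root)
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            try:
                if lower.endswith(ENCRYPTED_EXT):
                    report["encrypted"].append(path)
                elif lower.endswith(LINK_EXT) and at_root:
                    # Shortcuts are only suspicious here at the drive's top level.
                    report["root_links"].append(path)
                elif lower.endswith(EXECUTABLE_EXT) and is_hidden(path):
                    report["hidden_executables"].append(path)
            except OSError:
                continue  # unreadable entry: skip it, do not abort the scan
    return report

def build_sample(root):
    """Constructed sample tree standing in for a removable drive."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.zcrypt", "docs/notes.txt",
                "open_me.lnk", "docs/tool.lnk"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, paths in triage(tmp).items():
            print(kind, [os.path.relpath(p, tmp) for p in paths])
```

A hit in any category is a prompt to isolate the drive and investigate, not proof of infection; legitimate shortcuts and hidden executables exist.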
Microsoft advised Windows users to make regular backups of their data and enable system protection mechanisms. Sites known for hosting malware such as illegal download services should be avoided and attachments in spam emails should be deleted immediately.
To stay secure, you should keep your computer's operating system up to date with the latest security patches. A reliable antivirus and antimalware solution should also be installed with the latest malware definitions so it is aware of emerging threats like ZCrypto.
Ransomware is an increasingly popular form of malware that is targeting home and business users alike. Hackers typically demand bitcoins after encrypting a user's personal files, convincing them to pay up to get their data returned. More often than not, an effective backup strategy can combat a ransomware campaign though, letting you restore your data without having to pay out.
Earlier this month, one major ransomware was closed down by its creator in a surprise move. TeslaCrypt was one of the most successful campaigns to date but it has now been banished from the Internet. Alternatives like ZCrypto are already stepping up to replace it though, making it important you keep your computer updated.