
Zyka Ransomware

Posted: February 2, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 11
First Seen: February 2, 2017
OS(es) Affected: Windows

The Zyka Ransomware is a Trojan with encrypting capabilities that can block you from opening your local files, such as documents, photos or music. Con artists use these attacks to demand ransoms for restoring the encoded content, although malware experts suggest that you first search for a free decryption alternative. You can protect your files by keeping anti-malware products active that can detect and remove the Zyka Ransomware immediately.

The 'Anonymous' Extortion with a Recognizable Mask

The campaign for the Zyka Ransomware is one of the latest in a series of attacks co-opting the identity of the decentralized, hacker-activist organization Anonymous for the sake of extortion. While malware experts have found no evidence linking Anonymous to this Trojan, the con artists most likely are exploiting the group's brand to lend credibility to their threats. However, since a successful Zyka Ransomware infection already barricades a variety of files on your PC, any additional warnings are arguably redundant.

The Zyka Ransomware may gain system access through such methods as bundling itself in a torrent download, installing itself via a website's script-based exploits or attaching itself to a forged e-mail. After infecting your PC, the Zyka Ransomware searches any available directories for over fifty file formats, including JPG, PDF and RAR. It encodes them with a cipher most likely derived from AES and tags each filename with the '.lock' extension (appended after the file's existing extension). With your files locked, the Zyka Ransomware launches what malware experts identify as a standardized, HTA-based ransom note.

The Zyka Ransomware recycles this note from other file-encrypting Trojans' campaigns, with the only updated elements being a new Bitcoin wallet address, an Anonymous-themed background, and a new ransom demand (170 USD in Bitcoin). Using cryptocurrency gives con artists the option of taking the money without helping you recover your files, which is one reason why malware experts recommend recovering from a backup or with the aid of credible anti-malware products.

Looking at the Real Face of Cyber Extortion

Since the vast bulk of the Zyka Ransomware's ransoming instructions are direct copies of past attacks in circulation from a variety of threat actors, you should treat any information it offers as suspect. With the appropriate samples of both the threat and any encrypted content, third-party malware researchers often can deliver decryption solutions that don't require paying a con artist. However, malware experts always recommend keeping spare backups for cases where decoding your files becomes impossible.

The Zyka Ransomware's extortionist characteristics are more in line with attacks against recreational PC users than business or government systems. Such attacks may abuse e-mail infection strategies, bundle their Trojan droppers inside unrelated downloads, or use Web-browsing exploits to install this threat automatically. Scan new files with anti-malware products and disable potentially harmful browser features to remove the Zyka Ransomware before it locks any of your local content.

Seeing a symptom like the '.lock' extension on your files is indicative of already-inflicted damage that may not be recoverable. When it comes to Trojans like the Zyka Ransomware, a small amount of preventative maintenance is a matter of both computer security and financial safety.
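The '.lock' naming pattern described above (the tag is appended after a file's existing extension) is something a responder can sweep for during triage. The following script is an added example, not code from the original write-up: it walks a directory tree, counts files whose name carries an inner extension followed by '.lock', and can compare a suspect executable against the sample MD5 listed under Technical Details. The directory layout and file names in the demo function are constructed for illustration.

```python
"""Triage helper for Zyka-style '.lock' renames (added example, not the page's own code)."""
import hashlib
import os
import tempfile
from collections import Counter

# Values taken from the write-up: the listed sample's MD5 and the appended extension.
ZYKA_SAMPLE_MD5 = "66d013f8ba679eecd743116d3299a855"
LOCK_EXT = ".lock"


def md5_of_file(path):
    """Stream a file through MD5 so large files do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_zyka_sample(path):
    """True only if the file's MD5 matches the sample hash quoted on this page."""
    return md5_of_file(path) == ZYKA_SAMPLE_MD5


def locked_original_ext(name):
    """Return the inner extension of 'report.pdf.lock' (".pdf"), or None if the
    name does not match the double-extension pattern. A bare 'foo.lock' is not
    counted, since the Trojan keeps the original extension in place."""
    lower = name.lower()
    if not lower.endswith(LOCK_EXT):
        return None
    inner_ext = os.path.splitext(lower[:-len(LOCK_EXT)])[1]
    return inner_ext or None


def scan_for_locked_files(root):
    """Walk root and return {original_extension: count} of '.lock'-tagged files."""
    counts = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            ext = locked_original_ext(fname)
            if ext:
                counts[ext] += 1
    return dict(counts)


def demo_on_constructed_tree():
    """Build a constructed sample tree in a temp dir and scan it (demo data only)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "Pictures"))
    for name in ("Pictures/holiday.jpg.lock", "report.pdf.lock",
                 "archive.RAR.lock", "notes.txt", "bare.lock"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"constructed placeholder bytes")
    return scan_for_locked_files(root)
```

Run `scan_for_locked_files` against a user's profile directory to see which original formats were hit; a non-empty result is a reason to isolate the machine and restore from backup rather than to trust the ransom note.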

Technical Details

File System Modifications


The following files were created in the system:

File name: file.exe
Size: 69.63 KB (69632 bytes)
MD5: 66d013f8ba679eecd743116d3299a855
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 11, 2017