
MZP Ransomware

Posted: January 2, 2020

The MZP Ransomware is a file-locking Trojan without any noted family ancestry, such as a Ransomware-as-a-Service business. The MZP Ransomware can, however, like most threats of its type, block your files through encryption, change their extensions, and generate ransom notes. Responsible backup practices will alleviate damages from infections, and most anti-malware utilities should delete the MZP Ransomware on sight.

A Program that's 'Zany to the Max'

References to popular media products are an occasional theme in file-locker Trojans, and help solo campaigns stand out from the more professional (and, arguably, more boring) Ransomware-as-a-Service families. The MZP Ransomware is one of the first of 2020 to conduct its attacks with bonus cartoon series references, which, strikingly, it has in common with a Russian-Ukrainian counterpart. Whether the MZP Ransomware is a relative of the Erica2020 Ransomware or merely shares the theme, it poses a similar problem to victims' files.

The MZP Ransomware is circulating as a Windows EXE or BIN file without any significant disguising details, like a signature or falsified copyright information. Like the Erica2020 Ransomware, it uses a character from the cast of Warner Brothers' 'Animaniacs' cartoon for its icon, although not the same one. As with nearly all file-locker Trojans, it depends on AES encryption as its defining feature and attack, which blocks documents and other media and holds them up for a ransom.

The MZP Ransomware identifies what it's keeping hostage through sets of eight random characters that it appends to their names as extensions. Neither this extension choice nor the accompanying English ransom note identifies the Trojan. However, the MZP Ransomware also implants file markers, from which researchers are taking the name. The initials reference one of the programming languages that the MZP Ransomware uses – Pascal.
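For triage after a suspected infection, the two indicators described above can be swept for together. The following is an added example, not code from the original article or from any vendor tool; it assumes the eight characters are ASCII alphanumerics and that the marker is the ASCII bytes "MZP" within the first or last 4 KiB of a file, neither of which the article specifies.

```python
import os
import re
import sys

# Assumptions (not stated on the page): the eight characters are ASCII
# alphanumerics, and the marker is the ASCII bytes "MZP" near the start or end.
EXT_RE = re.compile(r"[A-Za-z0-9]{8}")
MARKER = b"MZP"
WINDOW = 4096
# Legitimate eight-letter extensions to skip (constructed list, extend as needed).
BENIGN = {"manifest", "settings", "markdown"}


def has_marker(path):
    """True if MARKER occurs in the first or last WINDOW bytes of the file."""
    with open(path, "rb") as fh:
        head = fh.read(WINDOW)
        fh.seek(0, os.SEEK_END)
        fh.seek(max(0, fh.tell() - WINDOW))
        tail = fh.read(WINDOW)
    return MARKER in head or MARKER in tail


def triage(root):
    """Return sorted (path, extension, marker_found) tuples for suspect files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, dot, ext = name.rpartition(".")
            if not dot or not stem or ext.lower() in BENIGN:
                continue
            if not EXT_RE.fullmatch(ext):
                continue
            path = os.path.join(dirpath, name)
            try:
                hits.append((path, ext, has_marker(path)))
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
    return sorted(hits)


if __name__ == "__main__":
    for path, ext, marked in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'MARKED' if marked else 'ext-only'}\t.{ext}\t{path}")
```

Files reported as `MARKED` match both indicators; `ext-only` hits match the naming pattern alone and need manual review before they are counted as encrypted.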

Keeping the Wrong Program's Name Out of Your File Data

Although a Trojan merely implanting its initials or 'signature' isn't particularly problematic for your files, the MZP Ransomware's encryption is another story. Without a public decryptor, which may never appear, the Trojan can hold digital media hostage indefinitely. Generally, most users without previously-saved backups will have to choose between risking the ransom or losing their work.

Ultimately, most victims of file-locker Trojan attacks fall into a small number of preventable categories. Opening e-mail attachments from strangers, enabling document or spreadsheet macros, not installing security patches, running JavaScript or Flash on unsafe websites, and downloading illicit software from sources like torrents can endanger your PC. Malware experts also recommend that admins maintain appropriate protocols for passwords and other credential selections.

Anti-malware software from many companies is detecting this Trojan and can delete the MZP Ransomware, despite being incapable of unlocking any media files. What the MZP Ransomware's relationship is to the less-generic Erica2020 Ransomware is a question worth answering, with more evidence, samples and time. Hopefully, however, any Windows users will be protecting their files regardless and keeping either Trojan from making headway with their ransoming profits.