
ZaCaPa Ransomware

Posted: August 14, 2020

The ZaCaPa Ransomware is a file-locking Trojan from the Xorist Ransomware family. Besides encrypting the user's documents and media and holding them hostage, the ZaCaPa Ransomware creates ransom notes in text format, appends its own extension to each locked file's name, and swaps the user's wallpaper. Users should remove the ZaCaPa Ransomware with reputable anti-malware tools and restore from backups or use free decryption alternatives rather than paying for the threat actors' unlocking help.

Inviting Trojans in for TEA-Time

The kit of file-locking Trojans that leverages XOR and TEA encryption against victims' files remains active in 2020, with new versions like the ZaCaPa Ransomware being almost indistinguishable from close relatives like the TiNx Ransomware. The family itself is old, going back to samples such as the XRat Ransomware (from 2016), the Crypto1CoinBlocker Ransomware (2017) and more. Since any threat actor can pick up and use the Xorist Ransomware kit, attributing the ZaCaPa Ransomware's campaign to a particular group is difficult.

However, malware researchers can verify several significant facts about the ZaCaPa Ransomware. It continues using UPX packing to hinder static detection by security products and remains Windows-only. The defining functionality of its payload is the data encryption, which blocks files on infected computers and appends a '.ZaCaPa' extension to their names (hence the name).

The profit portion of its campaign comes from the ransom notes it drops as TXT files. The threat actors are selling their unlocking help for over a thousand USD in Bitcoins, and the payment address shows two transactions this year matching that demand. Users should still avoid paying if at all possible: criminals can ignore decryption requests after payment and may even deliver additional malware instead of the decrypted sample files they promise.
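The two artifacts described above, the appended '.ZaCaPa' extension and a TXT ransom note, are what an incident responder would inventory first on a suspected host. The script below is an added example, not code from the original page or from any Xorist decryptor: it walks a directory tree, counts tagged files, recovers their original names for a backup restore, records the modification-time window of the encryption run, and lists TXT files sitting beside locked files as candidate notes. It assumes that the extension is simply appended to the original file name and that the note is dropped into affected directories; the note's exact file name is not stated on the page, so it is matched heuristically rather than by name. The sample directory tree is constructed inside the script so it runs offline.

```python
"""Host triage for a ZaCaPa (Xorist-family) infection.

Added example, not the page's or the malware family's own code. Assumptions not
stated on the page: the Trojan appends '.ZaCaPa' to the original file name (matched
case-insensitively), and the ransom note is a TXT file dropped into affected
directories whose exact name is unknown, so every .txt file next to a locked file is
reported as a candidate rather than matched by name.
"""
import os
import tempfile

LOCKED_EXT = ".zacapa"  # compared case-insensitively


def triage(root):
    """Walk `root` and summarise what a Xorist-style file locker left behind."""
    locked = []            # (path, mtime) for every file carrying the extension
    affected_dirs = set()
    candidate_notes = []

    for dirpath, _dirnames, filenames in os.walk(root):
        here_locked = [f for f in filenames if f.lower().endswith(LOCKED_EXT)]
        if not here_locked:
            continue  # untouched directory: nothing to report, no note expected
        affected_dirs.add(dirpath)
        for name in here_locked:
            path = os.path.join(dirpath, name)
            locked.append((path, os.path.getmtime(path)))
        # Note heuristic (assumption): a TXT file that is not itself locked and sits
        # in a directory with locked files is a candidate ransom note.
        for name in filenames:
            if name.lower().endswith(".txt"):
                candidate_notes.append(os.path.join(dirpath, name))

    if locked:
        first = min(m for _, m in locked)
        last = max(m for _, m in locked)
    else:
        first = last = None

    return {
        "locked_count": len(locked),
        "affected_dirs": sorted(affected_dirs),
        # Original names recovered by stripping the appended extension: this is the
        # list of files a backup needs to restore.
        "original_names": sorted(os.path.basename(p)[:-len(LOCKED_EXT)] for p, _ in locked),
        "window": (first, last),   # earliest and latest mtime of locked files
        "candidate_notes": sorted(candidate_notes),
    }


def build_sample_tree(root):
    """Constructed sample: a small tree that mimics a post-infection state."""
    layout = {
        "Documents/report.docx.ZaCaPa": b"\x00" * 64,
        "Documents/ransom_note_sample.txt": b"constructed note text",
        "Documents/notes.txt.ZaCaPa": b"\x00" * 64,     # a .txt the Trojan locked too
        "Pictures/holiday.jpg.zacapa": b"\x00" * 64,    # lower-case extension variant
        "Pictures/readme.txt": b"constructed note text",
        "Program Files/app.exe": b"MZ" + b"\x00" * 62,  # untouched: no extension tag
        "Music/song.mp3": b"ID3" + b"\x00" * 61,        # untouched directory
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Run the triage over the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        result = triage(root)
        # Report paths relative to the scanned root, with forward slashes, so the
        # summary reads the same on every platform.
        rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
        result["affected_dirs"] = [rel(d) for d in result["affected_dirs"]]
        result["candidate_notes"] = [rel(n) for n in result["candidate_notes"]]
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real host, point `triage()` at each fixed and mapped drive root rather than at a temporary tree; the modification-time window gives a first estimate of when the encryption ran, which is the anchor for the rest of the timeline (initial access, RDP logons, dropper execution).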

Shrinking Crime Families Out of Business

Like all file-locking Trojans, the ZaCaPa Ransomware depends on finding victims who aren't protecting their data appropriately. A maintained backup on at least one secondary device, kept disconnected or otherwise out of reach of the infected system (file lockers also encrypt mapped network shares and attached USB drives), is the closest thing to a silver bullet against these attacks: it removes any need to break an encryption routine that may be implemented perfectly. While the ZaCaPa Ransomware's payload assumes English-speaking victims, malware experts can't narrow its campaign down any further, beyond its general compatibility with Windows environments.

All users can reduce their exposure to infection attempts by moderately curating their Web-browsing habits. Turning off Flash and JavaScript where they aren't needed, installing software updates promptly, showing file extensions in Explorer (so a 'document.pdf.exe' lure is visible for what it is), and scanning all downloads will remove most of the danger of drive-by-download attacks. Malware experts also recommend that server admins remember the value of securing passwords and RDP (disabling it where it isn't needed, requiring strong credentials and network-level authentication, and never exposing it directly to the Internet) against attackers using targeted or scanner-based strategies to find vulnerable hosts.

Anti-malware products from reliable, well-known companies detect the various releases of the Xorist Ransomware family. Users with such protection should be able to remove the ZaCaPa Ransomware with virtually no effort or difficulty, though removal does not decrypt the files already locked.

The price of neglecting a backup isn't always a four-digit number, although the ZaCaPa Ransomware is far from the most expensive Trojan. Instead of hoping that they encounter a 'cheap' software hoodlum, users should avoid the digital equivalent of walking down dark alleyways late at night.
