ZaCaPa Ransomware Description
The ZaCaPa Ransomware is a file-locking Trojan from the Xorist Ransomware family. Besides blocking media files and holding them hostage, the ZaCaPa Ransomware can create text ransom notes, change files' extensions, and swap the user's wallpaper. Users should remove the ZaCaPa Ransomware with appropriate anti-malware tools and rely on backups or free alternatives instead of its ransom-based unlocking help.
Inviting Trojans in for TEA-Time
The kit of file-locking Trojans that leverages XOR and TEA encryption against victims' files is staying lively in 2020, with new versions like the ZaCaPa Ransomware being almost indistinguishable from close relatives like the TiNx Ransomware. However, this family is old, with earlier examples including the XRat Ransomware (from 2016), the Crypto1CoinBlocker Ransomware (2017) and more. Since any threat actor can pick up and use the Xorist Ransomware's kit, attributing the ZaCaPa Ransomware's campaign is difficult.
However, malware researchers can verify several significant facts about the ZaCaPa Ransomware. It continues using UPX packing to protect itself from detection by security products and remains Windows-only. The defining function of its payload is data encryption, which blocks files on infected computers and tags them with 'ZaCaPa' extensions (matching its name).
The profit portion of its campaign comes from the ransom notes it delivers in TXT format. The threat actors are selling their unlocking help for over a thousand USD in Bitcoins, with two transactions from this year matching its demands. However, users should avoid the payments, if possible, since criminals can ignore decryption requests afterward and may even upload additional threats instead of samples of supposedly unlocked media.
Shrinking Crime Families Out of Business
Like all file-locking Trojans, the ZaCaPa Ransomware depends on acquiring victims who aren't protecting their digital media appropriately. The presence and maintenance of a backup on at least one secondary device is a silver bullet against file-locking Trojans' attacks. In all cases, it removes any need for breaking a potentially perfect encryption routine. While the ZaCaPa Ransomware's payload assumes English speakers, malware experts can't narrow its campaign down any further, besides the general compatibility with Windows environments.
Anti-malware products from reliable, well-known companies are identifying various releases from the Xorist Ransomware family. Users with this software protection should remove the ZaCaPa Ransomware with virtually no effort or difficulty.
The price of neglecting a backup isn't always a four-digit number, although the ZaCaPa Ransomware is far from the most expensive Trojan. Instead of hoping that they encounter a 'cheap' software hoodlum, users should avoid the digital equivalent of walking down dark alleyways late at night.