
Zasifrovano Zaplat Ransomware

Posted: September 21, 2020

The Zasifrovano Zaplat Ransomware is a file-locking Trojan that targets residents of the Czech Republic. The Zasifrovano Zaplat Ransomware blocks files using an encryption feature from the Xorist Ransomware before displaying its ransom demands in a Czech-language pop-up. Users with backups on other devices can recover from them, but should first remove the Zasifrovano Zaplat Ransomware with appropriate anti-malware tools.

Trojans Streaming Over Europe, All for Free

Free sources for Trojans are a well-known part of the threat landscape, alongside hired Ransomware-as-a-Service and in-house custom software. Although it has more than a little catching up to do by the numbers, the Xorist Ransomware Trojan-builder utility, or kit, is making its voice heard in 2020. New versions often target different European regions, such as the Bl9c98vcvv Ransomware and Portuguese-speaking users or, further east, the Zasifrovano Zaplat Ransomware and the Czech Republic.

The Zasifrovano Zaplat Ransomware, unlike the other Xorist Ransomware variant, doesn't display English messages and anticipates native Czech speakers as its probable victims. Technically, it's not very different from Xorist Ransomware threats like the GlUTe Ransomware, the Xorist-TAKA Ransomware or the VuLiCaPs Ransomware. Like its relatives, it uses TEA or XOR encryption for blocking digital media and adds an extension (the Czech equivalent of 'pay encrypted') to the names of documents, pictures and so forth.

Beyond the extension, the Zasifrovano Zaplat Ransomware's Czech focus also shows in its ransom note, a pop-up that's an optional feature of the Xorist Ransomware. Besides the language, the alert also specifies its Bitcoin payment in Czech Koruna and asks for the equivalent of just under four hundred American dollars in value. In malware experts' analyses, using such a specific currency is rare for file-locker Trojans. Still, the Zasifrovano Zaplat Ransomware's regionalism isn't necessarily a direct limitation on its file-locking attack.

Don't Write Trojans Checks in Czech

Each ransom that victims pay to the Zasifrovano Zaplat Ransomware's campaign offers more incentive for continuing attacks and no sure chance at getting a file-unlocking service. This risk is even more foolhardy than usual, since the Zasifrovano Zaplat Ransomware's family, the Xorist Ransomware, has freeware decryption tools on the Web. Malware experts still encourage using dependable backups as an alternative recovery solution that can protect files from Trojans of any lineage, whether they're 'freeware,' Ransomware-as-a-Service offerings or custom projects.
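The following added example, which is not from the original article, not Xorist's actual routine and not any vendor's decryptor, illustrates how files locked by a weak XOR scheme can be recovered without the attacker. It assumes a repeating-key XOR and a victim who holds one unencrypted backup copy of an encrypted file; the function names, key and sample data are all constructed for illustration.

```python
from itertools import cycle


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def shortest_period(stream: bytes) -> int:
    """Smallest p such that stream[i] == stream[i - p] for every i >= p."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)


def recover_key(original: bytes, encrypted: bytes) -> bytes:
    """Derive the repeating key from a backup copy and its encrypted twin.

    XOR of plaintext and ciphertext yields the keystream; its shortest
    period is the key. If the pair is shorter than the key, only a key
    prefix comes back, so use the largest file pair available.
    """
    n = min(len(original), len(encrypted))
    if n == 0:
        raise ValueError("need a non-empty original/encrypted pair")
    keystream = bytes(o ^ e for o, e in zip(original[:n], encrypted[:n]))
    return keystream[:shortest_period(keystream)]


# Constructed sample data: not real malware output.
SAMPLE_KEY = b"constructed-key"
BACKUP_COPY = b"%PDF-1.4 constructed sample document body " * 2
NO_BACKUP_FILE = b"holiday photo bytes, no backup exists"


def demo() -> bytes:
    """Recover the key from one known pair, then unlock a second file."""
    locked_copy = xor_stream(BACKUP_COPY, SAMPLE_KEY)
    locked_other = xor_stream(NO_BACKUP_FILE, SAMPLE_KEY)
    key = recover_key(BACKUP_COPY, locked_copy)
    return xor_stream(locked_other, key)


if __name__ == "__main__":
    print(demo().decode())
```

One file restored from backup is enough to unlock files that have no backup, provided the same key was used for both.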

The Zasifrovano Zaplat Ransomware's installers use multiple disguises, most of which have the themes of pirated gaming content (like the PC port for Ivory Tower's 'The Crew 2'). Web surfers should avoid installing programs from torrents without first scanning them for threats, and should refuse illicit downloads. Some threat actors may supplement these infection vectors with corrupted e-mail attachments or brute-forcing server admins' logins.

Dedicated anti-malware products are well-equipped to identify Xorist Ransomware's members and delete the Zasifrovano Zaplat Ransomware or stop it from installing itself during drive-by-download attempts.

That the Zasifrovano Zaplat Ransomware invests all of its ransoming hopes into one country is odd, but might be a clue to the threat actor's residency. In any event, residents of every country using Windows should remember that the OS is a favorite encryption target.