
Zemblax Ransomware

Posted: May 4, 2020

The Zemblax Ransomware is a file-locker Trojan that's a variant of the Jigsaw Ransomware. Campaigns are distributing it as a secondary payload dropped by another threat, the spyware LokiBot, which may collect passwords and other information. Victims should remove the Zemblax Ransomware and LokiBot with robust anti-malware services immediately, before re-securing any encrypted files or collected data.

Two Hits in Bad Software Coming Together

The Jigsaw Ransomware isn't nearly as broadly distributed as the larger Ransomware-as-a-Service operations. Still, its capacity for destroying files in high-stress situations makes it nigh-legendary in the threat landscape. Now, an equally threatening program that specializes in collecting information is deploying a variant of that Trojan, either to distract victims or just to make even more money on the side. The campaign, leveraging the Zemblax Ransomware and LokiBot, arrives through phishing tactics.

The attack uses well-crafted documents, such as spreadsheets with invoice themes, that are apparent modifications of previously existing ones. However, these threatening versions of the files exploit a remote code execution vulnerability, courtesy of the LCG Kit document-building kit. If the exploit triggers, the system receives a silent download and installation of the LokiBot spyware, which can collect data ranging from cryptocurrency wallet credentials to Web-browsing information. LokiBot also drops the Zemblax Ransomware and has an all-purpose keylogger that records the user's keystrokes.

The Zemblax Ransomware is a minor variant of the Jigsaw Ransomware, a file-locking Trojan that encrypts the user's media and then deletes it over time. The deletion routine may trigger whenever the Zemblax Ransomware restarts, such as during a normal reboot, or on a looping timer. The Zemblax Ransomware's main changes are to the elaborate Web page that serves as its ransom note, which abandons the 'Saw' movie theme for a stylized picture of the artist Salvador Dali.

Solving a Puzzle of Computer and Data Security

Software updates can remove most, if not all, vulnerabilities like CVE-2017-11882, which can harm only users running outdated versions of Microsoft Office. Malware researchers also recommend against enabling macros whenever possible, since they serve as frequent infection vectors for file-locking Trojans, corporate-targeting spyware, and a multitude of other threats. Victims of Zemblax Ransomware infections should also remember that the less-visible presence of LokiBot may result in the theft of account passwords and equally sensitive information while they're dealing with the file-locking attack.
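As an added example that is not part of the original article, the following PowerShell audit checks a single Windows host for the two mitigations just described: whether the Equation Editor component behind CVE-2017-11882 is still present or blocked, and how Office's macro policy is set. It assumes Office 16.0 and uses Microsoft's documented Equation Editor COM kill-bit and VBA security registry locations.

```powershell
# Added audit script (not from the original article). Registry locations are
# Microsoft's documented Equation Editor COM kill-bit and Office VBA security
# keys; the Office version below is an assumption, adjust it for your estate.

# Microsoft Equation 3.0 COM server (EQNEDT32.EXE) CLSID. A "Compatibility Flags"
# value with bit 0x400 set under COM Compatibility stops Office from loading it.
$eqCLSID = '{0002CE02-0000-0000-C000-000000000046}'
$killBitPaths = @(
    "HKLM:\SOFTWARE\Microsoft\Office\Common\COM Compatibility\$eqCLSID",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\$eqCLSID"
)
$commonFiles = ${env:CommonProgramFiles(x86)}
if (-not $commonFiles) { $commonFiles = $env:CommonProgramFiles }   # 32-bit Windows
$eqExe = Join-Path $commonFiles 'Microsoft Shared\EQUATION\EQNEDT32.EXE'
$findings = [ordered]@{}

# 1. Is the Equation Editor binary still on disk? Office updates from January 2018
#    onward remove it, which is the "software update" fix for CVE-2017-11882.
if (Test-Path $eqExe) {
    $ver = (Get-Item $eqExe).VersionInfo.FileVersion
    $findings['EquationEditorPresent'] = "yes (file version $ver)"
} else {
    $findings['EquationEditorPresent'] = 'no (removed by Office updates)'
}

# 2. Is the COM kill-bit set, so Office refuses to instantiate it even if present?
$killed = $false
foreach ($p in $killBitPaths) {
    $flags = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($flags -and (([int]$flags) -band 0x400)) { $killed = $true }
}
$findings['EquationEditorKillBit'] = if ($killed) { 'set (0x400)' } else { 'not set' }

# 3. Macro policy per Office application. VBAWarnings: 1 = all macros enabled,
#    2 = disabled with notification (Office default), 3 = signed only,
#    4 = disabled without notification.
$officeVer = '16.0'   # assumption: Office 2016/2019/365; use '15.0' for Office 2013
$macroText = @{ 1 = 'ALL MACROS ENABLED'; 2 = 'disabled with notification (user can still click Enable)';
                3 = 'only digitally signed macros'; 4 = 'all macros disabled, no notification' }
foreach ($app in 'Excel', 'Word') {
    $key = "HKCU:\Software\Microsoft\Office\$officeVer\$app\Security"
    $w = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    $findings["${app}MacroSetting"] = if ($null -eq $w) { 'not set (Office default: disabled with notification)' }
                                      elseif ($macroText.ContainsKey([int]$w)) { $macroText[[int]$w] }
                                      else { "unknown value $w" }
}

$findings   # prints the audit table; any "yes", "not set" or "ENABLED" line needs attention
```

A host that still reports the binary as present with no kill-bit, or macros as enabled, is exposed to exactly the delivery chain the article describes.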

Since the Jigsaw Ransomware destroys files upon restarting, users shouldn't reboot their PCs without first disabling the Zemblax Ransomware by one means or another. Decryption tools compatible with most versions of this family of Trojans are available if users need them to recover their work. However, users should also keep backups on other devices to compensate for similar Trojans that have no such cheap solution.

Windows users on most versions of that OS are at risk from the Zemblax Ransomware and LokiBot. Nonetheless, the campaign is targeting vulnerable business entities as a matter of preference.

The Zemblax Ransomware isn't the only case of file-locker Trojans and spyware 'teaming up' against computers. Just like the STOP Ransomware and AZORult, the Zemblax Ransomware's campaign makes money in two ways and causes more than twice the trouble in the process.
