Zenis Ransomware
Posted: March 14, 2018
Threat Metric
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 24 |
| First Seen: | November 21, 2024 |
| OS(es) Affected: | Windows |
The Zenis Ransomware is a Trojan that blocks your media so that it can solicit ransoms for unlocking the files. Any files that it locks also display significant changes to their names and the threat also may induce other symptoms, such as changing your wallpaper or disabling some security applications. Have an anti-malware tool delete the Zenis Ransomware on sight, and preserve updated and secure backups for your data recovery needs.
A Mischievous Trojan is Making Your Files into a Game
There are traditional differences between file-locking Trojans targeting recreational or casual PC users, versus ones attacking businesses and governments. However, sometimes, the lines between the conventions become vague, as malware analysts are finding with the Zenis Ransomware. This threat, whose file-locking campaign is live, is attacking unspecified entities in the business sector. Despite that choice, its author uses a very informal, ransom-negotiating method.
The Zenis Ransomware uses a standard encryption method, such as the AES algorithm, for locking different files, like spreadsheets or pictures. The locked files also have changed names that include a 'Zenis' string, additional doubled-character tags and a set of Base64-encoded content. This technique is a very unusual renaming method that malware experts don't see in other file-locking threats, which mostly prefer appending a simple extension (such as 'flower.gif.locked').
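A loose triage check for the renaming pattern described above, useful for scoping which files on a share were touched. This is an added example, not code from the original page or from any vendor tool; the page does not give the exact name layout, so the 8-character minimum, the mixed-case filter, the confidence labels and the sample paths are assumptions.

```python
import base64
import re
from pathlib import PureWindowsPath

MARKER = "Zenis"  # string the page says appears in renamed files
# Assumption: a Base64 segment is 8+ characters of the standard alphabet.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")

def looks_base64(token: str) -> bool:
    """Return True if token is plausibly Base64 of binary data."""
    core = token.rstrip("=")
    if len(core) % 4 == 1:  # no Base64 string has this length
        return False
    # Assumption: mixed case filters out ordinary lowercase words.
    if not (any(c.isupper() for c in core) and any(c.islower() for c in core)):
        return False
    try:
        base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True

def classify(path: str):
    """Return 'high', 'low' or None for one file path."""
    name = PureWindowsPath(path).name  # parses backslashes on any OS
    if MARKER not in name:
        return None
    rest = name.replace(MARKER, " ")  # do not count the marker itself
    if any(looks_base64(m.group()) for m in B64_RUN.finditer(rest)):
        return "high"  # marker plus a Base64-like segment
    return "low"       # marker only; may be a benign file name

def triage(paths):
    """Map each flagged path to its confidence; clean paths are omitted."""
    verdicts = ((p, classify(p)) for p in paths)
    return {p: v for p, v in verdicts if v}

# Constructed sample listing, not indicators from a real incident.
SAMPLE = [
    r"D:\Finance\Zenis-Qx.Qx3k9TzLpA2v",
    r"D:\Finance\budget_2018.xlsx",
    r"D:\Docs\Zenis-notes.txt",
    r"D:\Docs\flower.gif.locked",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:5} {path}")
```
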
Other, equally strange choices appear in the HTML ransom instructions that the Zenis Ransomware creates after performing the data-locking attack. Poor English grammar implies that the threat actor is using a tool for translating the content, and the colloquial style of the message also provides a brief introduction and description of this 'mischievous boy,' who refers to himself via the name of ZENIS. Even the ransoming process has a quirk: asking the victim to provide the ransom message, as well as a locked file, for a 'free trial' of his decryptor.
Winning the Game that a Bad Boy Wants You to Play
The oddities of the Zenis Ransomware's campaign do nothing to avert the potential for data loss that it causes to any compromised PC. Since malware researchers are unable to procure sufficient samples for a decryption-oriented analysis, the users shouldn't assume that any blocked content is directly recoverable. Although the victims always should avoid giving the cybercrooks a ransom in exchange for reversing the effects of their misdeeds, users without backups may have limited alternatives for saving any encrypted files.
The initial infection strategies for business-targeting Trojans like the Zenis Ransomware often use one of the below attacks:
- Brute-force software is capable of cracking passwords and other login credentials for your network. Use strong passwords to keep attackers from logging in and dropping the Zenis Ransomware manually.
- E-mail messages can carry the Zenis Ransomware directly, or as the payload of another threat, such as a member of the Zlob family of Trojans. Scan any attachments with appropriate security software and avoid enabling potentially hazardous content, such as Word macros.
Without a current decryptor that doesn't require paying the threat actor for using it, the Zenis Ransomware may cause encryption-based damages that are next to irreversible. However, standard anti-malware heuristics should identify and remove the Zenis Ransomware as a threat beforehand.
The Zenis Ransomware's potential for long-term damage is still being determined, but it can only mean harm to your computer files. Don't give ZENIS a foothold for working his file-sabotaging mischief.