
ZeroRansom Ransomware

Posted: July 5, 2017

The ZeroRansom Ransomware is a Trojan that uses encryption to block the user from opening their files, such as documents or pictures. Although this threat may ask for a ransom to restore your encoded content, backup solutions and freeware decryptors should always be used in preference to rewarding the con artists' behavior. Anti-malware products should detect and remove the ZeroRansom Ransomware as a threat to your computer and block its file-locking attack.

More Trojans Eager to Put Your Savings at Zero

A new family of file-locking threats is being identified this July. The rapid deployment of variants of what seems to be the original Trojan, the ZeroRansom Ransomware, raises the likelihood of it being part of a RaaS (Ransomware-as-a-Service, rented out to other con artists) business plan. Malware experts have yet to finish their analysis of this Trojan's features, but under-the-hood details of its C&C infrastructure point to it being one of the few threats to abuse Google's Gmail service for managing attack data.

The ZeroRansom Ransomware's hallmark feature is its encryption routine, which targets slightly over two dozen media formats (such as DOC, PNG and ZIP) to encipher and lock. Their filenames are edited to use '.z3r0' extensions after their original ones. The Trojan also transfers the essential data-decoding key to a threat actor's Gmail account automatically, without obfuscating the login credentials. It deletes this content afterward, preventing the encryption from being broken locally.

Similar to some highly publicized families of file-encoding threats such as Hidden Tear or the Globe Ransomware, the ZeroRansom Ransomware also uses a simple text message to deliver its ransom demands. By default, it also includes warnings against taking other steps to re-secure the PC and warns that it may delete your files, which is a feature malware analysts have yet to corroborate. Typically, threats of this type only ask for payment in forms that let them avoid any penalties for not helping the victim afterward, such as a cryptocurrency like Bitcoin.

Stopping the Growth of a Startup Trojan Family

Variants of the ZeroRansom Ransomware may provide slightly different symptoms from the ones seen in the vanilla version of the threat, such as a differently named ransom note or another extension. Since different versions of the family may need different decryption solutions, victims should create copies of any locked media before testing appropriate decryptor tools. Backups made beforehand also can give you an easy recovery option against the ZeroRansom Ransomware, minor clones like the J-Ransom Ransomware and similar threats.
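The two practical details above, that locked files keep their original extension with '.z3r0' appended, and that locked media should be copied before any decryptor is tried, can be turned into a small triage helper. The following script is an added example and is not code from the original article or from the threat itself; it assumes that the appended '.z3r0' suffix is the only indicator available, and the list of watched original extensions beyond DOC, PNG and ZIP is an assumption made for the example. It walks a directory, lists every file whose name has the pattern `name.<original_ext>.z3r0`, and copies those files into an evidence directory while leaving the originals untouched.

```python
"""Triage helper for a '.z3r0'-style file-locking incident (added example).

Assumption: the only indicator is the page's '.z3r0' suffix appended after
the original extension (e.g. 'report.doc.z3r0'). Nothing here modifies or
decrypts the locked files; it only inventories and copies them.
"""
import shutil
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".z3r0"  # extension the page reports being appended

# DOC, PNG and ZIP are named on the page; the other entries are assumptions
# standing in for the rest of the roughly two dozen targeted formats.
WATCHED_EXTENSIONS = {".doc", ".docx", ".png", ".jpg", ".zip", ".pdf", ".xls"}


def is_locked_name(name: str) -> bool:
    """True for 'file.<orig_ext>.z3r0' where <orig_ext> is a watched format."""
    if not name.lower().endswith(LOCKED_SUFFIX):
        return False
    original = name[: -len(LOCKED_SUFFIX)]
    return Path(original).suffix.lower() in WATCHED_EXTENSIONS


def find_locked_files(root) -> list:
    """Return every locked file under root, sorted for stable reporting."""
    root = Path(root)
    return sorted(p for p in root.rglob("*") if p.is_file() and is_locked_name(p.name))


def snapshot_locked_files(root, dest) -> int:
    """Copy each locked file under root into dest, preserving relative paths.

    Returns the number of files copied. Originals are never modified, so a
    failed decryptor attempt on the copies cannot make things worse.
    """
    root, dest = Path(root), Path(dest)
    copied = 0
    for src in find_locked_files(root):
        target = dest / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # copy2 keeps timestamps for later forensics
        copied += 1
    return copied


def build_sample_tree(base) -> Path:
    """Constructed sample data for a demo run (not real malware output)."""
    base = Path(base)
    (base / "docs").mkdir(parents=True, exist_ok=True)
    (base / "docs" / "report.doc.z3r0").write_bytes(b"\x00" * 16)  # constructed
    (base / "photo.png.z3r0").write_bytes(b"\x00" * 16)            # constructed
    (base / "notes.txt").write_bytes(b"plain text, untouched")     # constructed
    (base / "archive.zip").write_bytes(b"PK")                      # constructed
    return base


def run_demo() -> tuple:
    """Build the sample tree in a temp dir and return (found, copied, preserved)."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = build_sample_tree(Path(tmp) / "victim")
        evidence = Path(tmp) / "evidence"
        found = len(find_locked_files(victim))
        copied = snapshot_locked_files(victim, evidence)
        preserved = (evidence / "docs" / "report.doc.z3r0").exists()
        return found, copied, preserved


if __name__ == "__main__":
    found, copied, preserved = run_demo()
    print(f"locked files found: {found}, copied: {copied}, layout kept: {preserved}")
```

The suffix check deliberately requires a recognised original extension in front of '.z3r0', so a file that merely happens to be named `something.z3r0` is not counted; a variant that uses a different extension, as the paragraph above anticipates, only needs `LOCKED_SUFFIX` changed.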

The ZeroRansom Ransomware is sufficiently new that malware researchers have been unable to determine what infection methods its threat actors are using, or whether they're targeting entities in the business sector or random PC owners. Infiltration methods that earlier file-encoding Trojans have abused include e-mail spam, exploit kits loading through insecure Web browsers, and brute-force attacks against short login combinations. Appropriate security software can block most of these attacks directly and delete the ZeroRansom Ransomware before its encryption can happen.

Just as modern war tactics require new tools to counterattack, combating a new family of Trojans means updating old threat databases and keeping decryption utilities current. PC owners who ignore both their updates and their backups are taking the risk of being one of the first entries on the ZeroRansom Ransomware's list of profitable victims.
