
ZES Ransomware

Posted: August 7, 2020

The ZES Ransomware is a file-locking Trojan from the Makop Ransomware family. It targets Windows systems with a data-encrypting attack that blocks media content like documents, images, or databases. Users with strongly-secured backups have sufficient protection from this feature, and most anti-malware services will remove the ZES Ransomware and other members of its family immediately.

Little Trojan Gangs Getting Bigger by the Week

Although the Makop Ransomware family has a long way to go before it catches up with the sheer sprawl of a Ransomware-as-a-Service, campaigns recycling this threat's code are becoming more of a recurring event in 2020. After catching previous spinoffs like the Origami Ransomware, the Shootlock Ransomware, and the Zbw Ransomware, malware researchers see one more: the ZES Ransomware. This unassumingly-named Trojan alters the payload with little other than changes to e-mail addresses and, of course, the extensions on the files that it locks.

The ZES Ransomware, which is Windows-based, locks files with AES encryption and uses an RSA key as an extra layer of security. Both are standard techniques in threats of this kind. The feature blocks media of various formats, including most commonly-used ones like Word, Notepad, or PDF documents, JPG, BMP, or GIF files, databases, spreadsheets and others. To find the media that no longer opens, users need only search file names for the 'ZES' extension that the Trojan adds, along with the ransoming credentials.

Like its cousins before it, the ZES Ransomware creates a text message for selling its file-unlocking help to the victim. The English note uses mostly-copied sentences riddled with grammar errors and gives an e-mail address for contacting the attacker, but no specific ransom-paying information. Withholding prices is a tactic that malware experts see regularly in these campaigns, and its purpose may be to persuade users into paying large sums without any reference points for their consideration.

Disbanding Trojan Gangs before They Get Too Profitable

File-locking Trojans are capable of consistently punishing users who are lax in their backup habits. Accordingly, malware researchers recommend that everyone keep backups on other devices, secured as necessary, and update them regularly. Attacks by the ZES Ransomware may extend to more than a single computer's media directories and could include compromising network-accessible storage or other Windows PCs.

The ZES Ransomware campaign has no currently-confirmed infection vectors but is in the wild. To avoid possible attacks, users can secure their browsers by turning off risky features, such as Flash, Java, JavaScript, pop-ups and advertising content. Users should also be especially alert to the dangers of downloads, such as torrents or e-mail attachments. Admins should further concern themselves with the passwords they use, since poorly chosen passwords are possible weaknesses for attacks.

Windows anti-malware products of most brands will sufficiently protect a PC from the Makop Ransomware family. Most users should avoid deleting the ZES Ransomware manually and, instead, have automated security software do so during its scans for threats.

The ZES Ransomware might start with the last letter of the alphabet but is far from the final file-locking Trojan that graces the Web. Even a humble family like the Makop Ransomware might have a long history, depending on whether users protect their work from sabotage.
