ZinoCrypt Ransomware

Posted: March 21, 2017

Threat Metric

Ranking: 14,972
Threat Level: 8/10
Infected PCs: 1,031
First Seen: March 21, 2017
Last Seen: October 7, 2023
OS(es) Affected: Windows

The ZinoCrypt Ransomware is a file-encrypting Trojan: a threat that locks your files by encoding them with a cipher that it protects with a custom-generated key. Its attacks include attempts to extort money from its victims in return for the threat actor's decryption help, which malware experts discourage using as a solution. Standard backup and anti-malware protocols should be adequate for limiting the Trojan's payload or removing the ZinoCrypt Ransomware from your computer when needed.

More Threats Motivating Backups in Your Daily Routine

A new threat is just beginning to be seen in significant numbers, using ransoming messages that its authors most likely modified from the text files of other threat campaigns. Although malware analysts can't verify the estimates of third parties that the ZinoCrypt Ransomware is using a secure combination of AES-256 and RSA-2048 encryption, they do confirm that it encrypts your local data so that it can extort a cryptocurrency payment from you. Since samples of the ZinoCrypt Ransomware currently show limited circulation, its infection methods are still unknown.

After its installation, the ZinoCrypt Ransomware uses an encryption routine with a predesignated algorithm, like one of the two noted above. Depending on how the threat actor configures it, it may encrypt anywhere from a handful of file formats to hundreds of them, usually with an emphasis on text documents, images, audio, and databases such as spreadsheets. Malware experts link a brand-new extension ('.ZINO') to this attack, which lets you determine which files the ZinoCrypt Ransomware has locked without needing to open them.

The ZinoCrypt Ransomware finishes its payload with the creation of a text file that may be placed on your desktop or in the same folder as any encrypted data. Through this note, the ZinoCrypt Ransomware's authors ask you to pay a Bitcoin ransom after negotiating through the proffered e-mail address. Since they can accept the cryptocurrency without needing to fear any cancellations of the payment, there can be no definitive answer as to whether or not the threat actors will choose to provide their decryption program and key.

Keeping Your Files Free and Your Bitcoins Where They Belong

No live attacks leveraging the ZinoCrypt Ransomware have been verified yet, and the Trojan's authors may mean to make other updates to it before distributing it. However, the Trojan does include working encryption attacks and can, potentially, block you from opening your files without giving you any recovery options. For most PC owners, making backups of their content a part of their regular schedule can prevent Trojans like the ZinoCrypt Ransomware from inflicting any permanent damage. Malware analysts also have yet to rule out the possibility that industry researchers could develop a free decryptor after receiving appropriate samples.
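As an added example (not code from the original article or from any vendor tool), the following script uses the '.ZINO' extension described above to list locked files under a folder and pairs each one with its copy in a backup folder, which shows what the backup can restore and what it cannot. The function names, folder layout, and sample files are constructed for illustration, and the script assumes the extension is either appended to the original name or replaces the original extension, since the article does not say which.

```python
import tempfile
from pathlib import Path

MARKER = ".zino"  # extension named in the article; compared case-insensitively


def triage(scan_root, backup_root):
    """Map each '.ZINO' file under scan_root to its backup copy (or None)."""
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    report = {}
    for path in sorted(scan_root.rglob("*")):
        if not path.is_file() or path.suffix.lower() != MARKER:
            continue
        rel = path.relative_to(scan_root)
        # Assumption: the marker is appended (report.docx.ZINO) or replaces
        # the original extension (budget.zino); the article does not say which.
        match = backup_root / rel.with_suffix("")
        if not match.is_file():
            folder = backup_root / rel.parent
            siblings = sorted(folder.iterdir()) if folder.is_dir() else []
            match = next((p for p in siblings if p.is_file()
                          and p.stem == path.stem
                          and p.suffix.lower() != MARKER), None)
        report[rel.as_posix()] = (
            match.relative_to(backup_root).as_posix() if match else None)
    return report


def build_sample(base):
    """Create a constructed sample tree (placeholder bytes, not real output)."""
    base = Path(base)
    files = {
        "disk/docs/report.docx.ZINO": b"x",   # marker appended
        "disk/docs/budget.zino": b"x",        # marker replaced the extension
        "disk/pics/cat.jpg.ZINO": b"x",       # no backup exists for this one
        "disk/docs/notes.txt": b"plain",      # untouched file, ignored
        "backup/docs/report.docx": b"orig",
        "backup/docs/budget.xlsx": b"orig",
    }
    for name, data in files.items():
        target = base / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return base / "disk", base / "backup"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for locked, source in triage(*build_sample(tmp)).items():
            print(f"{locked}: {source or 'NO BACKUP FOUND'}")
```

Files reported with no backup are the ones worth preserving in their encrypted form in case a free decryptor is released later.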

Con artists may install the ZinoCrypt Ransomware themselves after compromising a PC with weak Remote Desktop settings or passwords. On the other hand, most threats of this type use other infection vectors, particularly e-mail attachments and disguised downloads that trick the victim into opening the threat with consent. Always use your anti-malware products to analyze new files from unverified sources and delete the ZinoCrypt Ransomware before it encrypts any of your data.

The ZinoCrypt Ransomware is another addition to the already bountiful pile of evidence that harmful encryption is a lucrative 'career' for con artists. As a direct result, backups persist as an invaluable resource for preventing what's on your hard drive from turning into a catalyst for ransoms.