ZinoCrypt Ransomware
Posted: March 21, 2017
Threat Metric
| Ranking: | 14,972 |
|---|---|
| Threat Level: | 8/10 |
| Infected PCs: | 1,031 |
| First Seen: | March 21, 2017 |
| Last Seen: | October 7, 2023 |
| OS(es) Affected: | Windows |
The ZinoCrypt Ransomware is a file-encrypting Trojan: a threat that locks your files by encoding them with a cipher that it protects with a custom-generated key. Its attacks include attempts to extort money from its victims in return for the threat actor's decryption help, which malware experts discourage using as a solution. Standard backup and anti-malware protocols should be adequate for limiting the Trojan's payload or removing the ZinoCrypt Ransomware from your computer when needed.
More Threats Motivating Backups in Your Daily Routine
A new threat is just beginning to be seen in significant numbers, using ransoming messages that its authors most likely modified from the text files of other threat campaigns. Although malware analysts can't verify the estimates of third parties that the ZinoCrypt Ransomware is using a secure combination of AES-256 and RSA-2048 encryption, they do confirm that it encrypts your local data so that it can extort a cryptocurrency payment from you. Since samples of the ZinoCrypt Ransomware are currently showing limited circulation, its infection methods are still unknown.
After its installation, the ZinoCrypt Ransomware uses an encryption routine with a predesignated algorithm, like one of the two noted above. Depending on how the threat actor configures it, it may encrypt anywhere from a handful of file formats to hundreds of them, usually with an emphasis on text documents, images, audio, and databases such as spreadsheets. Malware experts do link a brand-new extension to this attack ('.ZINO'), which lets you determine which files the ZinoCrypt Ransomware has locked without needing to open them.
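Because the '.ZINO' extension marks locked files by name alone, a triage script can inventory the damage before you restore from backup. The following is an added example, not code from the original article or from any vendor tool; it assumes the marker is appended to the original file name (for instance `report.docx.ZINO`), which the article does not confirm, and the sample tree it builds is constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".zino"  # extension named in the article, compared case-insensitively


def inventory_locked_files(root):
    """Walk root by file name only; no file is ever opened."""
    locked, per_dir, original_types = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            if path.suffix.lower() != MARKER:
                continue
            locked.append(path)
            per_dir[os.path.relpath(dirpath, root)] += 1
            # Assumption: the marker is appended, so the stem still carries
            # the original extension (report.docx.ZINO -> .docx).
            inner = Path(path.stem).suffix.lower() or "(unknown)"
            original_types[inner] += 1
    return sorted(locked), per_dir, original_types


def restore_plan(root):
    """Summarise which folders and file types need restoring from backup."""
    locked, per_dir, types = inventory_locked_files(root)
    return {
        "total": len(locked),
        "folders": per_dir.most_common(),
        "types": types.most_common(),
    }


def build_sample_tree(root):
    """Constructed sample data: empty files that only imitate the naming."""
    for rel in ("Documents/report.docx.ZINO", "Documents/notes.txt",
                "Pictures/photo.jpg.zino", "Pictures/scan.ZINO"):
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        print(restore_plan(demo_root))
```

Run it against a mounted copy of the affected drive rather than the live system, and use the per-folder counts to decide which backup sets to restore first.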
The ZinoCrypt Ransomware finishes its payload with the creation of a text file that may be placed on your desktop or in the same folder as any encrypted data. Through this note, the ZinoCrypt Ransomware's authors ask you to pay a Bitcoin ransom after negotiating through the proffered e-mail address. Since they can accept the cryptocurrency without needing to fear any cancellations of the payment, there can be no definitive answer as to whether or not the threat actors will choose to provide their decryption program and key.
Keeping Your Files Free and Your Bitcoins Where They Belong
No live attacks leveraging the ZinoCrypt Ransomware have been verified yet, and the Trojan's authors may mean to make other updates to it before distributing it. However, the Trojan does include working encryption attacks and can, potentially, block you from opening your files without giving you any recovery options. For most PC owners, making backups of their content a part of their regular schedule can prevent Trojans like the ZinoCrypt Ransomware from inflicting any permanent damage. Malware analysts also have yet to rule out the possibility that industry researchers could develop a free decryptor after receiving appropriate samples.
Con artists may install the ZinoCrypt Ransomware themselves after compromising a PC with weak Remote Desktop settings or passwords. On the other hand, most threats of this type use other infection vectors, particularly e-mail attachments and disguised downloads that trick the victim into opening the threat with consent. Always use your anti-malware products to analyze new files from unverified sources and delete the ZinoCrypt Ransomware before it encrypts any of your data.
The ZinoCrypt Ransomware is another addition to the already bountiful pile of evidence that harmful encryption is a lucrative 'career' for con artists. As a direct result, backups persist as an invaluable resource for preventing what's on your hard drive from turning into a catalyst for ransoms.