
Zorro Ransomware

Posted: March 27, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: March 27, 2017
Last Seen: January 8, 2020
OS(es) Affected: Windows

The Zorro Ransomware is a Trojan that encrypts your files to hold them for ransom. Free decryption utilities sometimes can unlock data damaged by threats of this type, although malware experts recommend against depending on breaking the cipher as the only means of recovery. Various anti-malware solutions detect this Trojan at high rates and should be able to remove the Zorro Ransomware before it begins enciphering your files.

A Hero's Name Put to Poor Use

Malware experts recently confirmed a case of mistaken identity in some of the latest attacks involving Trojans with encryption-based ransoming features. Some security products misidentify the Zorro Ransomware as a new version of the Spora Ransomware, although it doesn't appear to be a direct relative of that older Trojan. The Zorro Ransomware's executable metadata further obscures its origins by attributing the software to Microsoft and claiming a 2016 copyright. However, malware experts didn't see the Zorro Ransomware until March of 2017.

The Zorro Ransomware could be mistaken for a modification of any of a number of other Trojans employing similar attacks. It uses a still-undetermined encryption algorithm to encode and lock your files, which it selects through a list of targeted extensions. Only after it finishes encrypting documents, images and other media will the Zorro Ransomware create a new file on your desktop: its text ransom message.

Other functions malware analysts felt worth highlighting that give the Zorro Ransomware a more distinctive identity include:

  • The Zorro Ransomware accesses the Firefox browser's security certificates, which help protect your Web browser's information transactions (such as purchases) and identify trustworthy websites.
  • Although it launches through an executable, the Zorro Ransomware injects its code into another running process. This stealth feature lets the Zorro Ransomware hide from users who monitor their processes with the Task Manager, since the malicious code then runs under the name of the process it was injected into rather than under its own.

Keeping a Vigilante on the Right Side of the Law

Much like the original Zorro was noted for carving his signature into nearby objects, the Zorro Ransomware also leaves a telltale 'autograph' behind: the '.zorro' extension appended to the names of all locked files. However, the presence of this symptom indicates that your local content already is encrypted and unusable, and waiting for visible effects of the Zorro Ransomware's payload is an unwise security strategy. While malware experts look for more indicators of this still-recent threat's infection methods, use safe Web-browsing settings and habits to avoid common traps like threat droppers inside of attached e-mail documents.
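As an added example that is not code from the original page or from any vendor's tool: the only indicator the write-up names is the '.zorro' extension appended to locked files, so a small triage script that walks a directory tree for that marker is a practical way to scope an infection after the fact (which files and which folders were hit, and which original file types). The sample directory tree is constructed in a temporary folder, and the list of "likely targeted" extensions is an assumption for illustration, since the page does not publish the Trojan's real extension list. Note that, as the text warns, this only finds files that are already encrypted; it is an incident-response tool, not a prevention.

```python
"""Scan a directory tree for the '.zorro' extension that the Zorro Ransomware
appends to files it has encrypted.

Added example; not code from the original page or from any vendor product.
Everything below is an assumption for illustration: the sample files are
constructed in a temporary directory, and LIKELY_TARGETED is a guess at what the
write-up means by "documents, images and other media".
"""
import os
import tempfile
from collections import Counter

MARKER = ".zorro"

# Assumed set of extensions a file-encrypting Trojan typically targets; the page
# does not publish the Zorro Ransomware's real list.
LIKELY_TARGETED = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".mp4", ".txt"}


def find_marked_files(root):
    """Return a sorted list of paths under root whose name ends with MARKER."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(MARKER):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def original_extension(path):
    """'report.docx.zorro' -> '.docx': the extension the file had before encryption.
    A path without the marker is returned with its own extension unchanged."""
    stem = path[: -len(MARKER)] if path.lower().endswith(MARKER) else path
    return os.path.splitext(stem)[1].lower()


def summarize(root):
    """Count marked files per original extension and per directory."""
    hits = find_marked_files(root)
    by_ext = Counter(original_extension(p) for p in hits)
    by_dir = Counter(os.path.dirname(p) for p in hits)
    return {
        "total": len(hits),
        "by_extension": dict(by_ext),
        "by_directory": dict(by_dir),
        "likely_user_data": sum(n for e, n in by_ext.items() if e in LIKELY_TARGETED),
    }


def build_sample_tree():
    """Constructed sample: a fake user profile with a few encrypted and untouched files."""
    root = tempfile.mkdtemp(prefix="zorro_demo_")
    layout = {
        "Documents": ["report.docx.zorro", "budget.xlsx.zorro", "notes.txt"],
        "Pictures": ["holiday.jpg.zorro", "icon.png"],
        "Program Files": ["app.exe", "lib.dll"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(b"\x00" * 16)  # file content is irrelevant to the scan
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    result = summarize(demo_root)
    print(f"{result['total']} files carry {MARKER}; by original type: {result['by_extension']}")
    for path in find_marked_files(demo_root):
        print("  ", os.path.relpath(path, demo_root))
```

Run it against a real profile by replacing `build_sample_tree()` with the path to scan; the per-directory counts tell you which folders to restore from backup first, and the per-extension counts give a rough picture of which file types the Trojan's list covered.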

The Zorro Ransomware's threat actors are selling their decryption solution at a price of one Bitcoin within a three-day time limit. As always, they may accept their roughly one thousand USD equivalent in cryptocurrency without rendering the promised services. While malware experts would consider it a mistake for any PC user with potentially important files not to back them up to another drive, victims also should consider trying free decryption utilities, some of which are compatible with 2017's most prominent threats.

The Zorro Ransomware wins no marks for originality, but its traditional payload retains its efficiency against anyone who takes the safety of their files for granted. For those without the security tools to delete the Zorro Ransomware on sight, one wrong click can turn into a thousand dollar proposition quickly.
