
Zzz12 Ransomware

Posted: July 17, 2018

The Zzz12 Ransomware is a file-locking Trojan that can block your access to your digital media, such as documents, pictures, spreadsheets, slideshows or audio clips. Although the file-locking routine itself may show no visible symptoms, infections also change the extensions of the affected files and leave ransom notes. Victims should disregard the ransoms, use backups to restore any media, and use a trusted anti-malware product to remove the Zzz12 Ransomware from their computers.

Five-Day Trojans in Development

Another file-locker Trojan is starting to become visible in public threat databases, with the distinguishing factor of using time as a basis for forcing fast ransom payments. Although malware experts see no ancestral connections between the Zzz12 Ransomware and similar threats, it's not the only threat of its type using this social engineering tactic. Other Trojans that exploit time limits with similar payloads range from the data-deleting StalinLocker Wiper to the live ticker-based Ranssiria Ransomware.

The Zzz12 Ransomware limits its timing restrictions to the instructions in its static ransom note, which it generates after it locks your files. While malware analysts have yet to finish analyzing the encryption method of this threat, some sources identify it as a variant of an AES algorithm, a common choice among file-locker Trojans of different families because of its simplicity and fast operations. However, these characteristics don't necessarily indicate that the public can decrypt the locked files, and any documents, pictures, or other files that the Zzz12 Ransomware attacks may remain unusable indefinitely.

Along with injecting '.zzz12' extensions into the filenames of the above media, the Zzz12 Ransomware also creates Notepad TXT files containing its ransom instructions, which direct victims to the criminal admin for unlocking help. Current samples don't display a price but do include a time limit before it rises: five days. These tactics are usual for threat actors trying to manipulate their victims into paying before researching alternative solutions for recovering any data.
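To scope the damage these symptoms describe, a responder can count the renamed files per folder and list TXT files that may be the ransom note. The following is an added example, not code from this article or any vendor tool; it assumes the '.zzz12' extension is the final suffix of each locked file, treats the note filename as unknown (the name `note_placeholder.txt` is hypothetical), and runs against a constructed sample directory.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".zzz12"  # extension named in the article


def triage(root):
    """Walk root; return locked files, per-directory counts, candidate notes."""
    locked, txt_files = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            suffix = p.suffix.lower()
            if suffix == LOCKED_SUFFIX:
                locked.append(p)
            elif suffix == ".txt":
                txt_files.append(p)
    per_dir = Counter(p.parent for p in locked)
    # Assumption: the note is written after locking starts, so only TXT files
    # at least as new as the oldest locked file, in affected folders, qualify.
    first_hit = min((p.stat().st_mtime for p in locked), default=None)
    notes = [p for p in txt_files
             if p.parent in per_dir and p.stat().st_mtime >= first_hit]
    return {"locked": sorted(locked), "per_dir": per_dir, "notes": sorted(notes)}


def build_constructed_sample():
    """Create a constructed directory tree that mimics the described symptoms."""
    root = Path(tempfile.mkdtemp(prefix="zzz12_sample_"))
    layout = {                       # relative path -> mtime (epoch seconds)
        "docs/report.docx.zzz12": 2000,
        "docs/budget.xlsx.ZZZ12": 2010,
        "docs/old_notes.txt": 1000,  # predates the incident: not a note
        "docs/note_placeholder.txt": 2020,  # hypothetical note name
        "pics/cat.jpg.zzz12": 2005,
        "clean/readme.txt": 2030,    # folder has no locked files
    }
    for rel, mtime in layout.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample")
        os.utime(p, (mtime, mtime))
    return root


if __name__ == "__main__":
    result = triage(build_constructed_sample())
    for folder, count in result["per_dir"].items():
        print(f"{count:3d} locked file(s) in {folder}")
    for note in result["notes"]:
        print("candidate ransom note:", note)
```

The per-folder counts show which shares or profiles need restoring from backup, and the candidate notes should be preserved as evidence rather than deleted.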

Reducing the Ransoms on the Last Letter of the Alphabet

The versions of the Zzz12 Ransomware available to malware experts are capable of both locking files and deleting them, with the latter feature dedicated to erasing local backups, such as the Windows Shadow Volume Copies. However, the Trojan also appears to be in the middle of its development and may include other features that this article has yet to account for, such as changing the desktop's wallpaper, creating pop-ups, or dropping additional threats (such as Bitcoin miners). Since local data is at risk, users should protect their files by backing them up to secure locations, such as detached USB drives.

E-mail is a high-traffic infection vector for file-locker Trojans of many families and is equally suitable for dropping individual Trojans like the Zzz12 Ransomware. Windows users should be careful when opening documents from sources they haven't verified as legitimate, since such documents can include macros and other exploits for compromising their PCs. Most anti-malware programs are deleting the Zzz12 Ransomware safely, although this detection rate could change with any future updates.

The Zzz12 Ransomware is an 'in-development' Trojan whose payload is just as threatening as those of fully developed ones like the Crysis Ransomware. Those who ignore their backups and e-mail security practices are getting more reminders than ever that they're making expensive mistakes.
