IT Security Tip – Ransomeware is Growing – Zepto
Ransomeware is growing bigger as it is an easy way for cyber criminals to gain access to users personal data. It’s not like your normal virus that gets installed via a software installation. In most cases it is delivered via email with a document attached. When a user opens this document a script is set in motion which downloads the ransomware then in turn infecting your data. Zepto is not really any different to other ransomware its just like the Locky or Crypto Locker virus’s and they all want to achieve one thing, and that is getting you to pay a ransom to retrieve your data back.
How it is delivered
Zepto is delivered via email with an ZIP archive file and a DOCM file attached. In the first case, opening up the ZIP
archive will unpack a file with a .JS
(JavaScript) extension. Opening the JavaScript file, however, runs the script program inside, which in turn downloads the ransomware as an EXE
(Windows program) file, and runs it.
In the second case, the attachment is DOCM
, so that double-clicking on the file opens it by default in Microsoft Word. But DOCM
is short for “document with macros,” a special type of document that contains embedded scripts written in VBA (Visual Basic for Applications).
Macros inside a Word file don’t run by default (a security precaution introduced many years ago by Microsoft), but they do produce a prompt “Security Warning Macros have been disabled”
If this is enabled the JavaScript will download the ransomeware, run it and encrypt all of your files. The cyber criminals will have a copy of these decyption keys and offer to sell them back to you. They only use bitcoin as payment and normally around BTC-0.5 which is about $300. So beware if you have an email message to lines of ‘Attached, please find the documents you requested” as it is most likely a fake!
More information can be obtained from our cyber security Partners Sophos and Symantec.
Our Network Security solutions can show you how cost-effectively protect and maintain the security of your network, assets and data against external attack, providing you peace of mind.