
Zepto Ransomware Virus – How to protect your business

2018-03-12T09:42:02+00:00

Written by Tom Lovell, IT Project Manager – 11th July 2016

The disruption caused by a ransomware attack, along with the added stress, is something every business should try to avoid at all costs.

What is Zepto Ransomware?

As with all ransomware viruses, RAA, Locky and Zepto ransomware encrypt the user's system files and demand a substantial fee to decrypt them. In the past three weeks, we have had a lot of calls from frantic business professionals who have been targeted by malware. Some had even paid the ransom as a result of RAA, Locky and Zepto ransomware attacks but never received any files back.

In February this year, Locky ransomware emerged. This is the virus that encrypts your machine and renames all your files with a .Locky extension. It was closely followed last month by RAA ransomware, which uses JavaScript (view our previous article).

However, this month we have been made aware of another new virus to enter the business world…

What is a Zepto File?

Zepto ransomware is thought to be a variant of Locky and shares many of the same attributes, although this time a user's files are all renamed with a .zepto file extension. In the first week of July 2016, experts observed more than 140,000 emails containing the Zepto ransomware virus. As the attack gets more established, these figures will rise dramatically.

How is Zepto ransomware distributed?

At present, there are two main distribution methods for the Zepto ransomware virus, although others will likely emerge.

[Image: Infinity Group - Zepto Ransomware attacks]

1: In emails with an attached ZIP file (see above left)

If you are the recipient of the ZIP file, clicking on it will unzip a file with a JavaScript extension. Opening the JavaScript file will download the Zepto ransomware virus as a .EXE file and run it on your machine. Bad news… as you’ll then have an encrypted machine.

2: In emails with an attached .DOCM file, which is a macro-enabled document file (see above right)

Double-clicking the .DOCM file will open it in Microsoft Word. The macros within the document won’t run automatically (thanks to an update by Microsoft a few years ago). However, the document will subtly prompt you to enable macros (see below image). So hopefully this will be the less invasive of the two options for recipients, as most people are unlikely to click on the prompt.

[Image: Infinity Group - Zepto Ransomware virus]
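As an added example (not part of the original article), here is a mail-gateway style check in Python that flags the two attachment types described above: a ZIP containing a script file, and a .DOCM document. The `.js` extension, the function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions taken from the two delivery methods described in the article.
SCRIPT_EXTS = (".js",)   # assumption: "JavaScript extension" means .js
MACRO_EXTS = (".docm",)


def scan_message(raw_bytes):
    """Return a list of (attachment name, reason) findings for one raw email."""
    findings = []
    msg = message_from_bytes(raw_bytes)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or container part, not an attachment
        lower = name.lower()
        payload = part.get_payload(decode=True) or b""
        if lower.endswith(MACRO_EXTS):
            findings.append((name, "macro-enabled Word document"))
        elif lower.endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    for member in zf.namelist():
                        if member.lower().endswith(SCRIPT_EXTS):
                            findings.append((name, "ZIP contains script " + member))
            except zipfile.BadZipFile:
                # A damaged archive cannot be inspected, so report it for review.
                findings.append((name, "unreadable ZIP archive"))
    return findings


def build_sample(filename, data):
    """Build a constructed test email carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def zip_with(member_name):
    """Build an in-memory ZIP holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// harmless placeholder")
    return buf.getvalue()
```

Findings from a check like this are best used to quarantine or hold messages for review, since legitimate mail occasionally carries the same file types.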

3 ways to protect your business from Zepto ransomware

1: Employee awareness

The most important way of protecting your business is to make all employees aware of the virus. You can do this by circulating this article, and ensuring it’s raised in the next staff meeting. User awareness is the best barrier of protection.

2: Anti-virus

Ensure anti-virus is up to date and active on all machines. Whilst there is no guarantee that anti-virus software will protect from an effective ransomware attack, we recommend you have anti-virus installed for enhanced security and other virus protection. Our wide range of affordable Sophos products offers some of the best ransomware protection on the market. Please get in touch to find out more about those.

3: System backup

We recommend that, at the very least, you ensure your systems are backed up on a daily basis, so in the event of a ransomware attack your files can be restored. For larger companies, backups should be undertaken on an hourly basis. If you would like to discuss improving your system backup arrangements, please get in touch.

How to decrypt your files if you experience a ransomware attack

If your machine does get encrypted by the Zepto, Locky or RAA ransomware virus, we recommend you do not pay the ransom to the cyber criminals to retrieve your data. We can inspect your machine and determine the best possible data recovery method.

Staying one step ahead of the cyber criminals will keep your business protected and keep unnecessary stress and disruption at bay.

If you are concerned about your business’ current IT security setup, or would like to discuss the range of products we offer to protect your business from ransomware, please get in touch. The Sophos Intercept X is one of the most powerful on the market at the moment. Click here to find out more.

 

 

 

 
