Zepto Ransomware Virus – How to protect your business | Infinity Group

Zepto Ransomware Virus – How to protect your business


Zepto Ransomware Virus – How to protect your business2018-09-03T10:17:58+00:00

The disruption caused as a result of a Ransomware attack along with the added stress is something every business should try to avoid at all costs.

What is Zepto Ransomware?

As with all Ransomware viruses, RAA, Locky and Zepto Ransomware encrypt the users system files and demand a substantial fee to de-encrypt them. In the past three weeks, Infinity Group have had a lot of calls from frantic business professionals that have been targeted by Malware – some had even paid the ransom as a result of RAA, Locky and Zepto Ransomware attacks but never received any files back.

In February this year, Locky Ransomware emerged, this is the virus that encrypts your machine and renames all your files with .Locky extension. This was closely followed by RAA Ransomware last month that uses Javascript. However, this month we have been made aware of another new virus to enter the business world.

What is a Zepto File?

Zepto Ransomware is thought to be a variant of Locky and shares many of the same attributes; although this time a users files are all renamed with a .zepto file extension. In the first week of July 2016, experts observed more than 140,000 emails containing the Zepto Ransomware virus. As the attack gets more established these figures will dramatically rise.

How is Zepto Ransomware distributed?

At present there are two main distribution methods for the Zepto Ransomware virus although others will likely emerge.

Infinity Group - Zepto Ransomware attacks











1: In emails with an attached ZIP file (see above left)

If you are the recipient of the ZIP file, clicking on it will unzip a file with a Javascript extension. Opening the Javascript file will download the Zepto Ransomware virus as a .EXE file and run it on your machine. Bad news… as you’ll then have an encrypted machine.

2: In emails with an attached .DOCM file which is a macro enabled document file (see above right)

Double clicking the .DOCM file will open it in Microsoft Word. However the macro’s within the document won’t automatically run (thanks to an update by Microsoft a few years ago). However, the document will subtly prompt you to enable macros (see below image). So hopefully this will be the less invasive option for recipients out of the two – as most people are unlikely to click on the prompt.

Infinity Group - Zepto Ransomware virus

3 ways to protect your business from Zepto Ransomware

1: Employee awareness

The most important way of protecting your business is to make all employees aware of the virus. You can do this by circulating this article, and ensuring it’s raised in the next staff meeting. User awareness is the best barrier of protection.

2: Anti-virus

Ensuring antivirus is up to date and active on all machines. Whilst there is no guarantee that anti-virus software will protect from an effective Ransomware attack, we recommend you have anti-virus installed for enhanced security and other virus protection.

3: System backup

We recommend that at the very least that you ensure your systems are backed up on a daily basis – so in the event of a Ransomware attack your files can be reinstalled. For larger companies backup’s should be undertaken on an hourly basis. If you would like to discuss improving your system backup arrangements please get in touch.     

How to de-crypt your files if you experience a Ransomware attack

If your machine does get encrypted by the Zepto, Locky or RAA Ransomware virus, we recommend you do not pay the fine to the cyber criminals to retrieve your data. We can inspect your machine and determine the best possible data recovery method.

Staying one step ahead of the cyber criminals will keep your business protected and any unnecessary, stress and disruption at bay.

If you are concerned about your business’ current IT Security setup or would like to discuss the range of products we offer, including Sophos Intercept X, to protect your business from Ransomware please get in touch.


You might also like...