Reefa Posted May 27, 2016 Share Posted May 27, 2016 Quote A new version of ransomware, dubbed Ransom:Win32/ZCryptor.A, that is able to move itself from computer to computer is hitting Microsoft Windows users. Microsoft's Threat Research & Response blog issued an alert to its customers on May 26 warning them of the bug, which also goes by the name ZCryptor. The nastiest aspect of this piece of malware is its ability to reproduce and then spread to other systems through removable media devices, such as flash drives, as well as network drives. This capability is not often seen, noted Trend Micro researcher Michael Jay Villanueva. “This ransomware is one of the few ransomware families that is capable of spreading on its own. It drops a copy of itself in removable drives, making use of USBs a risky practice,” he said in a research note on the ransomware. Trend Micro gave ZCryptor an overall risk rating of critical with a high damage potential. The ransomware has several methods of being injected into a computer. Microsoft noted it can be distributed via spam emails, macro malware or through fake Flash Player installers. When it tries to spread through removable storage devices it “drops autorun.inf in removable drives, a zycrypt.lnk in the start-up folder: %User Startup%\zcrypt.lnk along with a copy of itself as {Drive}:\system.exe and %appdata%\zcrypt.exe, and changes the file attributes to hide itself from the user in file explorer,” the Microsoft report said. Once embedded and the files are encrypted a ransom note appears demanding 1.2 bitcoins, around $500, for the decryption key. It gives the victim four days to comply and then boosts the payment to five Bitcoins. source Link to comment Share on other sites More sharing options...
humble3d Posted May 27, 2016 Share Posted May 27, 2016 Let's guess... Only windows 10 can protect you from this (probably msft produced) malware ? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.