Petronella Blog Archive

Visit our New Blog

New Ransomware: ZCryptor

Blog Post

There’s a brand new strain of ransomware on scene being called ZCryptor. According to a warning put out by Microsoft, it both works like a worm and can spread through removable and network drives.

Getting its name from it adding the .zcrypt file extension, ZCryptor uses fake Adobe Flash installers and macros in email attachments to spread itself. The malware is installed once the user runs the phony update or allows the macros to run. Once installed, ZCryptor adds a key to the computer’s registry to gain PC restart persistence and encrypts the victim’s files.

While it targets 88 different file types, the most worrisome thing about ZCryptor is that it appears to also behave like a worm. It has long been believed that it was only a matter of time before ransomware evolved to this point, ZCryptor is the first example of ransomware that can copy itself to nearby devices, including ones that are removable.

In order to better protect yourself from being taken advantage of by ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10 minute Ransomware Safety Review.