Microsoft today released a warning about a new ransomware variant called ZCryptor. The new ZCryptor ransomware (Ransom zcrypt.a) has the potential to spread like a worm according to the company.
Once it infects a system, it starts copying itself to a removable disk drive in front of it to spread the infection.
In addition to this feature, ZCryptor does not differ much from other ransomware.
Encrypts all files in 88 extensions (Office and archive, image, audio, movie files, logs, database files, APKs, Java, source files, etc.).
Changes their extensions to .zcrypt, and then displays the ransom note (an HTML file that opens with the default browser):
Microsoft says that ransomware usually arrives via e-mail as a disguised executable file, or as an Office file macro.
Immediately after infection, it secures its presence in the infected system and tries to spread to other systems by creating copies of itself. The malicious software it also infects registry entries in order to load with every system boot.
The ransomware then tries to contact a specific URL that it receives from information και πολύ πιθανά και το κλειδί για να κρυπτογραφήσει τα αρχεία του θύματος.
Let's mention again that the best protection for ransomware is the regular backup of your important files, which you should store separately from your main system.
Needless to say, if you are infected with this ransomware, you should know that what USB stick or other removable disk is connected to your system is infected.