Microsoft today released a warning for a new variant of ransomware called ZCryptor. The new ransomware ZCryptor (ransom zcrypt.a) has the potential to spread like a worm according to the company.
Once it infects a system, it starts copying itself to a removable disk drive in front of it to spread the infection.
In addition to this feature, ZCryptor does not differ much from other ransomware.
Encrypts all files in 88 extensions (Office and archive files, image, audio, movie files, log files, database files, APK files, Java files, source code files, etc).
It changes their extensions to .zcrypt, then displays the ransom note (an HTML file that opens with the default program tours):
Microsoft says that ransomware usually arrives via e-mail as a disguised executable file, or as an Office file macro.
Immediately after infection, it ensures its presence in the infected system and tries to spread to other systems by making copies of itself. Malware also infects registry entries to load every time the system boots.
The ransomware then tries to contact a specific URL that it receives from information and quite possibly the key to encrypt the victim's files.
Let's mention again, that the best protection for ransomware is to regularly back up your important files, which you should store separately from your main system.
Needless to say, if you are infected with this ransomware, you should know what USB stick or other removable disc is connected to your system is infected.