In recent weeks Aspen PC has been observing a growing number of users being infected by “ransomware”, especially the .ZEPTO variant. Ransomware is a nasty form of malware that hijacks your computer and encrypts your personal files, then demands payment before the files will be decrypted.
What makes this version even worse is that it will also encrypt files on shared network volumes, even if they are not mapped as drives. It can encrypt not only the files on the computer that has become infected, but also files on other computers on your network.
While there have been some great advances in the field of ransomware decryption, the bad news is that there is currently no known way to decrypt the .ZEPTO variant, which means that if you become infected, there is no way to restore your files other than from a backup.
How do I become infected?
Ransomware infections typically originate from emails containing .ZIP or .DOCM attachments. The infections we have been observing arrive via fake emails from FedEx claiming that your package could not be delivered. They contain a .ZIP attachment and ask you to open the file to view your shipping label. Inside the .ZIP file you will find what appears to be a Microsoft Word document with the filename FedEX_ID_00500596.doc; however, this is no Word document. The file is a JavaScript script which, upon execution, opens a browser and presents you with various pop-up windows while encrypting all of your files in the background. It also replaces your desktop background with instructions on how to pay the ransom and get your files back. The variant that uses the .DOCM file extension is a Word document containing macros which perform the same tasks.
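A defensive check for the delivery vector described above, added here as an example and not Aspen PC's own tooling: it inspects the files inside a ZIP attachment for script files (including double-extension disguises such as a .doc.js name), macro-enabled .DOCM documents, and files named like a Word .doc whose leading bytes are not those of a real Word file. The archive contents and file names are constructed for the example.

```python
import io
import zipfile
from typing import Optional

# Extensions a mail gateway should treat as executable script content.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta", ".exe", ".scr"}
# A genuine legacy .doc file is an OLE compound file and starts with these bytes.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_member(name: str, head: bytes) -> Optional[str]:
    """Return why an archive member looks like a lure, or None; `head` is its first bytes."""
    base = name.lower().rsplit("/", 1)[-1]
    exts = ["." + p for p in base.split(".")[1:]]
    last = exts[-1] if exts else ""
    if last in SCRIPT_EXTENSIONS:
        # e.g. "label.doc.js": Windows hides the real extension by default
        if len(exts) > 1 and exts[-2] in (".doc", ".docx", ".pdf"):
            return f"{name}: script disguised with a document double extension"
        return f"{name}: executable script in attachment"
    if last == ".docm":
        return f"{name}: macro-enabled Word document"
    if last == ".doc" and not head.startswith(OLE_MAGIC):
        return f"{name}: .doc name but content is not a Word document"
    return None


def scan_zip_attachment(blob: bytes) -> list:
    """Scan every file inside a ZIP attachment and collect findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(8)  # the magic check needs only the first bytes
            reason = classify_member(info.filename, head)
            if reason:
                findings.append(reason)
    return findings


def build_sample_lure() -> bytes:
    """Constructed sample, not a real attachment: a .doc-named file holding script text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Shipping_Label_0001.doc", "var label = 1; // script text, not a document")
        zf.writestr("notes.txt", "harmless plain text")
    return buf.getvalue()
```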
Removal and Prevention.
As mentioned before, there is no known way to decrypt your files; once they are encrypted you will no longer have access to them. The only other possibility of regaining access is to pay the ransom, which is highly inadvisable. Not only would you risk further infection and possibly hand your financial information to the people who infected your computer in the first place, but there is absolutely no guarantee that they will actually provide the key required to decrypt the files. Immediately restoring your files from a backup is also not recommended, as there is a chance your backup will also be encrypted once the infected computer has access to it. The best course of action is to have the infection removed from your computer by a professional and then restore your files from a backup in a safe environment.
If there are no backups to restore from, there is a very small chance that the files can be restored using data recovery methods, but there are no guarantees. Making backups is something that every computer user with sensitive data should be doing regularly; however, we tend to put it off until it is too late. I cannot stress enough how important it is to have regular backups of data that is valuable to you. In the event of data loss, for whatever reason, without a proper backup you are left with very few options. Data recovery methods can be used to recover lost data, but it is a costly process, with prices that can reach thousands of dollars depending on the situation. Backups are a must have.
If you believe that your computer is infected with ransomware or any other type of malware, we recommend that you bring it in to be diagnosed and cleaned. While it is possible in some cases to continue using your computer while infected, minor infections often bring more serious infections and problems until eventually the computer becomes unusable.
If you are not making regular backups and are unsure how to get started, please contact us and we can help implement a backup solution to fit your needs.