What is Zepto ransomware?
Zepto ransomware is nearly identical to Locky ransomware. To execute cyber security threats, Zepto ransomware operators rely on a combination of social engineering and phishing techniques. Originally observed in 2016, the Zepto ransomware operators have since evolved their tools and techniques.
Why it matters
From a business perspective, these ransomware operators ultimately aim to sell businesses their decryption tools. The hackers encrypt the computers, and they try to sell you tools for decryption.
However, experts assert that decryption isn’t a given. The ransomware operators may accept payments without actually providing promised decryption tools.
How it works
After gaining access to a system, Zepto uses asymmetric cryptography to encrypt files. Files are renamed in the following format: “[8_digit_hexadecimal_number]- [4_digit_hexadecimal_number]-[4_digit_hexadecimal_number]-[4_digit_hexadecimal_number]-[12_digit_hexadecimal_number].zepto”. For instance, “example.jpg” might be renamed as “GR3D5870-2AT9-1DDG-7Q9B-D5F29B67299P.zepto”
Upon effective encryption, Zepto produces a PMP file and an HTML file, which contain identical information informing users of encryption.
Zepto relies on an asymmetric encryption algorithm and consequently, both public encryption and private decryption keys created during the encryption lifecycle. The private key ‘lives’ on remote servers accessible to cyber criminals. Entities cannot decrypt without this key. Knowing this, cyber criminals may attempt to sell a decryption tool with an embedded private key. Removal of Zepto ransomware is colloquially described as “not too complicated,” comparatively.
Zepto ransomware not only shares similarities with Locky. Hundreds of other ransomware-type computer infections manifest with similar characteristics. Examples include Cerber, CryptoWall and CTB-Locker. The distinctive element amidst these assorted viruses is the dollar amount requested in ransom payment.
Threat prevention and Zepto
Zepto ransomware operators ask for payments in Bitcoin. The operators send payment instructions via a Tor network URL. The URL directs users to a site identical to Locky’s. Despite ransom payments, research shows that most cyber criminals ignore victims.
Payment delivered to the Zepto ransomware operators may not result in restoration of files. Rather, organizations should ensure that they maintain a strong system and file backup system, and should attempt to restore from backups. At present, no tools exist to decrypt files compromised by Zepto.
Zepto highlights the importance of pursuing a multi-layered approach to cyber security. The authors use social engineering tactics, underscoring the need for employee cyber security education and awareness. At the same time, the email-based threat emphasizes the need for strong email security solutions. And again, ransomware threats, in general, highlight the need for a robust data backup system.