
Zepto Ransomware Infection And Decryption Services

November 9, 2016

Zepto is a type of malware that locks your files with advanced encryption so that you cannot access them. The program demands a ransom payment in return for a decryption key, which is necessary to unlock the files.

If you believe that Zepto has infected your computer, we can help. We will search for ways to recover your files without having to interact with the criminals that infected your computer. If you believe your computer is infected, turn it off, disconnect it from the network and from any attached drives or media (ransomware in this family also encrypts files on connected drives and shares), and call 1-800-237-4200.

What is Zepto Ransomware (And How Does It Work)?

Zepto shares a large percentage of its code with Locky ransomware. It is unclear at this time whether the makers of Zepto simply reused parts of Locky, or whether Zepto is a new version or variant of Locky from the same group. Regardless, once Zepto infects a computer it begins encrypting files. It skips the files that are necessary to run the operating system, so that the machine stays usable and the victim can pay the ransom from it.

Here are a few things to keep in mind:

  • Zepto demands a ransom that ranges from 0.5 to 3 bitcoins, which is about $317-$1900 at the time of writing.
  • The ransomware spreads through spam emails that hide the malware in a JavaScript file inside a ZIP attachment.
  • There is no known universal decryption key for Zepto.

Zepto is easy to avoid as long as the recipient never runs the JavaScript file, but the spam campaign personalizes the emails to make the attachment look expected and legitimate, so that the victim is curious enough to open it. Remember: never open an attachment unless you are certain that it is safe.

How Does Zepto Ransomware Infect My System?

Like many types of malware, Zepto spreads through email attachments. The malicious program is hidden in a ZIP archive. When victims open this archive, they unpack a JavaScript file. Because Windows hides known file extensions by default, the trailing .js is often not visible, and a name with a decoy extension in front of it (for example, one that appears to end in .pdf) looks like a document rather than a script. Double-clicking the file runs it through Windows Script Host, and that starts the infection process.
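The following Python script is an added illustration, not code from the original article, of the check a mail gateway or an analyst would apply to an incoming attachment: list the members of the ZIP without extracting anything, flag script-type members (the .js lure described above and its common relatives), flag double-extension names that hide a script behind a document extension, and flag encrypted or nested archives that defeat inspection. The extension sets, the function names and the two sample archives are assumptions constructed for this example; the "dropper" body is a placeholder string, not real malware.

```python
"""Triage of a ZIP e-mail attachment for Zepto-style script payloads.

Added illustration, not code from the original article: the extension sets,
function names and sample archives below are assumptions built for this demo.
"""
import io
import zipfile

# Extensions that Windows runs on double-click through Windows Script Host or
# the command shell. .js is the one Zepto is known for; the others are common
# relatives in similar spam campaigns (assumed set).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".cmd", ".bat"}

# Document-looking extensions used as decoys in double-extension names such as
# "invoice.pdf.js"; Windows hides the final ".js" by default (assumed set).
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def classify_member(name: str) -> list:
    """Return findings for one archive member name (empty list if nothing suspicious)."""
    findings = []
    base = name.rsplit("/", 1)[-1].lower()       # drop any directory prefix
    parts = base.split(".")
    if len(parts) < 2:
        return findings                           # no extension at all
    ext = "." + parts[-1]
    if ext in SCRIPT_EXTENSIONS:
        findings.append(f"script payload ({ext})")
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
            findings.append(f"double extension disguises script as .{parts[-2]}")
    elif ext == ".zip":
        findings.append("nested archive (needs recursive inspection)")
    return findings


def triage_zip_attachment(data: bytes) -> dict:
    """Inspect ZIP bytes without extracting anything and return a report.

    verdict is "block" if the data is not a ZIP, or if any member looks like a
    script, a nested archive, or an encrypted member (password-protected
    archives defeat content scanning, so they are treated as suspicious).
    """
    report = {"members": [], "findings": [], "verdict": "allow"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["findings"].append("attachment is not a valid ZIP archive")
        report["verdict"] = "block"
        return report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            report["members"].append(info.filename)
            if info.flag_bits & 0x1:              # general-purpose bit 0: member is encrypted
                report["findings"].append(f"{info.filename}: encrypted member")
            for finding in classify_member(info.filename):
                report["findings"].append(f"{info.filename}: {finding}")
    if report["findings"]:
        report["verdict"] = "block"
    return report


def build_sample_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: content}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed samples (no real malware): a Zepto-style lure and a benign PDF.
ZEPTO_STYLE_ATTACHMENT = build_sample_zip({
    "invoice_2016-11.pdf.js": "// placeholder standing in for the JavaScript dropper\n",
})
BENIGN_ATTACHMENT = build_sample_zip({
    "report.pdf": b"%PDF-1.4\n% placeholder document body\n",
})

if __name__ == "__main__":
    for label, blob in (("zepto-style", ZEPTO_STYLE_ATTACHMENT), ("benign", BENIGN_ATTACHMENT)):
        result = triage_zip_attachment(blob)
        print(label, result["verdict"], result["findings"])
```

The check is deliberately name-based and works on the central directory only, so it costs nothing and never executes or even inflates the member; a production gateway would add content inspection behind it, but this alone already stops the plain .js-in-a-ZIP lure the article describes.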

Zepto begins encrypting files while the affected computer appears to run normally. Once it has finished, it changes the desktop wallpaper to a set of ransom instructions and opens an HTML file with the same text. The instructions tell victims to install the Tor browser and visit a URL for directions on how to pay the ransom.

Zepto encrypts the following file types:

.123, .3dm, .3ds, .3g2, .3gp, .602, .aes, .arc, .asc, .asf, .asm, .asp, .avi, .bak, .bat, .bmp, .brd, .cgm, .cmd, .cpp, .crt, .csr, .csv, .dbf, .dch, .dif, .dip, .djv, .djvu, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .fla, .flv, .frm, .gif, .gpg, .hwp, .ibd, .jar, .java, .jpeg, .jpg, .key, .lay, .lay6, .ldf, .m3u, .m4u, .max, .mdb, .mdf, .mid, .mkv, .mov, .mp3, .mp4, .mpeg, .mpg, .ms11, .myf, .myi, .nef, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .p12, .paq, .pas, .pdf, .pem, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .psd, .rar, .raw, .rtf, .sch, .sldm, .sldx, .slk, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vbs, .vdi, .vmdk, .vmx, .vob, .wav, .wb2, .wk1, .wks, .wma, .wmv, .xlc, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .zip

The ransomware encrypts a large number of file types but leaves alone the files that are necessary to keep the computer functioning, so that victims retain enough functionality to pay the ransom. Note that the list above includes backup and virtual-machine formats (.bak, .tbk, .vdi, .vmdk, .vmx) and private-key material (.key, .p12, .pem, .gpg): backups kept on the infected machine or on an attached drive are encrypted along with everything else.

What Ransom Payment Does Zepto Demand for Decrypting Files?

Most victims have reported that Zepto demands 0.5 bitcoins, which is about $317, but at least one screenshot has shown a demand of 3 bitcoins, or about $1900. Keep in mind that paying the attackers is no guarantee that victims will receive a working key to decrypt their files.

Zepto’s payment screen is identical to Locky’s, which was the first sign that the two were related. The screen instructs the victim on how to install the Tor browser and then how to purchase bitcoins to transfer.

Can I Disable Zepto Ransomware Encryption?

At this time, there is no known universal decryption key or workaround decryption method for Zepto. If this ransomware has infected your computer, locating backup copies of your files may be your best option. Check offline or off-site backups first: as noted above, backups stored on the infected machine or on a connected drive are typically encrypted too, and ransomware in the Locky family deletes Windows Volume Shadow Copies, so do not count on restoring previous versions from them.

Our security specialists have experience recovering from all types of malware attacks. We can help you restore files and make sure there are no lingering traces of the malware on your machine. Call us at 1-800-237-4200 to begin the process of restoring your files.