Zenis

When MalwareHunterTeam discovered the ransomware, it was using an unidentified method of file encryption. However, the latest edition of the malware is using the AES encryption method for encrypting files. Once encrypted, there’s no way to decrypt the files, but Michael Gillespie, a security researcher, is analyzing the malware for any weakness.

It’s still unknown how this ransomware is getting across devices, but the scenarios indicate that it’s using Remote Desktop services to infect other systems.

The working method of Zenis

The current variation of the ransomware performs 2 steps to see if it should encrypt the current system.

• A process (iis_agent32.exe) is running
• A registry key (HKEY_CURRENT_USER\SOFTWARE\ZenisService “Active”) is present in the system.

If the steps return NO, then it won’t encrypt the system. If the answer is YES, it will start its preparation to encrypt the system. Here’s the ransom note from Zenis.

The key point is, the creator of this ransomware holds the private RSA key required to decrypt the base64 encoded files. That’s why the note. However, the ransomware is under analysis, so don’t pay the ransom until it’s completely analyzed.

How to stay protected

First of all, it’s unknown how this ransomware is getting distributed into networks, so you have to follow caution while operating your system. Moreover, good usage habits are more important than anything to prevent any such attack. Here’s a short list of what to do and what not.

• Backup – It’s the most important thing to do in your life. Backup your important files to an external storage that’s not connected to the computer. This allows your data a safe position, in case the original source is corrupted or encrypted.
• Anti-malware – Malware is the culprit of such attacks. To ensure the protection of your system, you have to install a proper anti-malware software. We have the list of best antivirus software of 2018.
• File attachments – When someone sends you an attached file with the email, make sure not to open it until you know the sender is an authorized one. If anything looks suspicious, scan the file using VirusTotal first.
• Software update – All the software vendors release updates of their software regularly with enhanced security and performance. Update all your software, especially Windows, Java, and Adobe products.
• Password – Protect your system with a hard password. Note that your password should contain alphanumeric & special characters with a long string length.

The post Zenis Ransomware – Deletes Your Backup and Encrypts Files appeared first on Linux Windows and android Tutorials.