Zenis Ransomware – Deletes Your Backup and Encrypts Files

By Mel Khamlichi, founder of Osradar (http://www.osradar.com), Amsterdam, Netherlands

Ransomware has been the hot topic of the security world for quite a few months. It is a type of attack that encrypts a system's files and demands a ransom from the victim in exchange for the key that unlocks them. Recently, a new ransomware family has been seen infecting systems: Zenis. Discovered by MalwareHunterTeam, this ransomware deletes your file backups on purpose.

Zenis

When MalwareHunterTeam discovered the ransomware, it was using an unidentified method of file encryption. The latest version of the malware, however, uses AES to encrypt files. Once a file is encrypted there is currently no way to decrypt it, although security researcher Michael Gillespie is analyzing the malware for weaknesses.

It is still unknown how this ransomware spreads between devices, but the observed infections indicate that it is using Remote Desktop services to reach other systems.

The working method of Zenis

The current variant of the ransomware performs two checks to decide whether it should encrypt the system it is running on:

  • A process named iis_agent32.exe is running.
  • A registry value named "Active" exists under HKEY_CURRENT_USER\SOFTWARE\ZenisService.

If the checks return NO, the ransomware does not encrypt the system. If they return YES, it starts preparing to encrypt the system. Here is the ransom note from Zenis.

The key point is that the creator of this ransomware holds the private RSA key required to decrypt the base64-encoded files, which is why the ransom note exists. However, the ransomware is still under analysis, so do not pay the ransom until that analysis is complete.
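The two checks described above double as host-level indicators a defender can look for. The following PowerShell script is an added example, not code from the original article or from the malware analysis, and it assumes an administrator prompt so that every loaded user hive under HKEY_USERS can be read (HKCU on its own only covers the account running the script).

```powershell
# Added example, not part of the original article: check a Windows host for the
# two Zenis indicators described above (the iis_agent32.exe process and the
# ZenisService "Active" registry value). Run from an elevated PowerShell prompt.

$ProcessName = 'iis_agent32'           # process name without the .exe suffix
$KeySuffix   = 'SOFTWARE\ZenisService' # relative to each user hive
$ValueName   = 'Active'
$findings    = @()

# Check 1: is a process named iis_agent32.exe running right now?
Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{
        Indicator = 'Process'
        Detail    = "PID $($_.Id) running from $($_.Path)"
    }
}

# Check 2: does <user hive>\SOFTWARE\ZenisService "Active" exist for any loaded user?
# Only hives of logged-on users are mounted under HKEY_USERS; offline profiles
# are not covered, and the *_Classes hives are skipped because they hold no
# SOFTWARE subtree of interest.
Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object {
        $keyPath = "Registry::HKEY_USERS\$($_.PSChildName)\$KeySuffix"
        # Get-ItemProperty with -Name returns nothing if the key or value is absent.
        $item = Get-ItemProperty -Path $keyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $findings += [pscustomobject]@{
                Indicator = 'Registry'
                Detail    = "$keyPath\$ValueName = $($item.$ValueName)"
            }
        }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No Zenis indicators found on this host.'
} else {
    Write-Warning 'Zenis indicators present: isolate the host and preserve evidence before cleanup.'
    $findings | Format-Table -AutoSize
}
```

A clean result only means these two indicators are absent at the moment the script runs; it does not prove the host was never infected, so pair it with your backup and endpoint-protection checks.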

How to stay protected

First of all, it is unknown how this ransomware is being distributed across networks, so exercise caution while operating your system. Moreover, good usage habits matter more than anything else in preventing this kind of attack. Here is a short list of what to do and what not to do.

  • Backup – This is the single most important precaution. Back up your important files to external storage that is not connected to the computer, so that your data stays safe if the original copy is corrupted or encrypted.
  • Anti-malware – Malware is what carries out these attacks. To protect your system, install proper anti-malware software; we have a list of the best antivirus software of 2018.
  • File attachments – When someone emails you an attached file, do not open it until you know the sender is one you trust. If anything looks suspicious, scan the file with VirusTotal first.
  • Software updates – Software vendors regularly release updates that improve security and performance. Keep all your software up to date, especially Windows, Java, and Adobe products.
  • Password – Protect your system with a strong password. It should be long and contain letters, numbers, and special characters.
