Ransomware has been the hot topic of the security world for quite a few months. It is a type of attack that encrypts a system's files and demands a ransom from the victim in exchange for the unlocking password. Recently, a new ransomware, Zenis, has been seen infecting systems. Discovered by MalwareHunterTeam, this ransomware deletes your file backups on purpose!
When MalwareHunterTeam discovered the ransomware, it was using an unidentified method of file encryption. The latest edition of the malware, however, uses AES to encrypt files. Once encrypted, there's no way to decrypt the files, though Michael Gillespie, a security researcher, is analyzing the malware for any weakness.
It's still unknown how this ransomware spreads between devices, but the available evidence suggests that it uses Remote Desktop services to infect other systems.
The working method of Zenis
The current variant of the ransomware performs two checks to decide whether it should encrypt the current system:
- A process (iis_agent32.exe) is running.
- A registry key (HKEY_CURRENT_USER\SOFTWARE\ZenisService) with the value "Active" is present on the system.
If the checks return NO, it won't encrypt the system. If the answer is YES, it starts preparing to encrypt the system. Here's the ransom note from Zenis.
The key point is that the creator of this ransomware holds the private RSA key required to decrypt the base64 encoded files, and that is what the note demands payment for. However, the ransomware is still under analysis, so don't pay the ransom until the analysis is complete.
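As an added example that is not part of the original article, the following read-only PowerShell hunt checks a host for the two indicators described above (the iis_agent32.exe process and the ZenisService "Active" registry value). The indicator values come from the article; the function name and parameters are this example's own. It only reads state and changes nothing.

```powershell
function Test-ZenisIndicators {
    [CmdletBinding()]
    param(
        # Indicator values as named in the article; parameterised so they can be updated.
        [string]$ProcessName    = 'iis_agent32',
        [string]$RegistrySubKey = 'SOFTWARE\ZenisService',
        [string]$RegistryValue  = 'Active'
    )
    $findings = @()

    # Indicator 1: the iis_agent32.exe process is running.
    $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    foreach ($p in $procs) {
        $findings += [pscustomobject]@{
            Indicator = 'Process'
            Detail    = "$($p.ProcessName).exe PID $($p.Id) at $($p.Path)"
        }
    }

    # Indicator 2: the ZenisService "Active" value. The article gives the key
    # under HKEY_CURRENT_USER; every loaded user hive is walked via HKEY_USERS
    # so a value written under another logged-on account is not missed
    # (hives of users who are not logged on are not loaded and are not seen).
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $keyPath = "Registry::$($hive.Name)\$RegistrySubKey"
        if (-not (Test-Path -Path $keyPath)) { continue }
        $item = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
        if ($item -and ($item.PSObject.Properties.Name -contains $RegistryValue)) {
            $findings += [pscustomobject]@{
                Indicator = 'Registry'
                Detail    = "$keyPath\$RegistryValue = $($item.$RegistryValue)"
            }
        }
    }
    return $findings
}

$hits = Test-ZenisIndicators
if (-not $hits) {
    Write-Output 'No Zenis indicators found on this host.'
} else {
    $hits | Format-Table -AutoSize
}
```

Run it in an elevated session so process paths and other users' loaded hives are readable; a hit is a reason to isolate the host and capture evidence, not proof on its own that encryption has started.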
How to stay protected
First of all, it's unknown how this ransomware is being distributed across networks, so you have to exercise caution while operating your system. Moreover, good usage habits matter more than anything else in preventing such attacks. Here's a short list of what to do and what not to do.
- Backup – Backing up is the most important thing you can do. Back up your important files to external storage that is not connected to the computer. This keeps your data safe in case the original copy is corrupted or encrypted.
- Anti-malware – Malware is the culprit in such attacks. To protect your system, install proper anti-malware software. We have a list of the best antivirus software of 2018.
- File attachments – When someone sends you a file attached to an email, don't open it until you know the sender is a trusted one. If anything looks suspicious, scan the file with VirusTotal first.
- Software updates – Software vendors release regular updates with security and performance enhancements. Update all your software, especially Windows, Java, and Adobe products.
- Password – Protect your system with a strong password. Your password should be long and contain alphanumeric and special characters.