E2 Computers - Rants, Raves and Food Reviews

Nasty Ransomware Spreads Like A Worm zCryptor.

Encryption viruses still on the Rise

Antivirus software having a hard time keeping up

I have seen a rise of file encryption viruses in my business and even in a few cases systems with the Antivirus software that we recommend. I am also seeing a large increase in Fake Computer Repair scams that seem t o easily attach to the Edge Browser found in Windows 10. My recommendation to my clients for the latter issue is to use Internet Explorer which still exists in Windows 10 or an alternative browser when available.  Regarding the first issue I can only stress the need for a good backup mechanism preferably with the ability to version or daily images of the files or system. Some of these viruses take days to do their damage and can go unnoticed for a long period of time an them boom you either get the message your files have been encrypted or you try to open a file and it reports being encrypted or corrupted and can no longer be viewed.

Remember keeping your backup attached all the time is not safe either as the virus has access to the same drive paths that you do. If the backups are connected via other file mechanisms like UNC or FTP you have a better chance of not corrupting previous backup sets. Please read this article from KnowBe4 about the latest malware findings. This issue was discovered around the 25th of May 2016.

Be very cautious of attachments in emails especially if they are suggesting updates for software, as well as popup ads that  may appear in video sites like Vemo and YouTube.


Microsoft released an alert about a new ransomware strain called ZCryptor, which works like a worm and spreads via removable and network drives. The MalwareForMe blog reported this first on May 24. Three days later, Redmond’s security team decided to alert everyone about this threat. “We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior,” Microsoft’s Malware Protection Center post stated. A subsequent analysis by Trend Micro confirmed Microsoft’s findings, categorizing the threat as a “worm,” with self-propagation features.

ZCryptor spreads via email with malicious macro attachments and a fake Adobe Flash Player installer.

Microsoft wrote that this strain use fake installers, usually for Adobe Flash, along with macro-based booby-trapped Office files to distribute the Zcryptor ransomware. Macro-based malware uses what could be argued as “user-consent prompt fatigue,” only Microsoft can come up with a term like that.

Source: CyberheistNews Vol 6 #22 It’s Here. Nasty Ransomware That Spreads Like A Worm.


Create your Backup Strategy

Carbonite may be a first step

For your backup needs contact E2 Computers in Tarpon Springs so we can help identify a backup method that works for you. If you are looking for self service than visit our Carbonite Store at http://partners.carbonite.com/e2computers

Tags: , , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

End2End Blog