Zepto Ransomware a Variation of Locky
Posted by: Timothy Weaver on 07/02/2016 07:24 AM
[
Comments
]
Researchers are watching a new variation of Locky called Zepto that is making its debut through spam emails. The ransomware contains Zepto-laced attachments.
So far the researchers have found 137,731 spam messages this week. The malware gets it name from the extension that is added to encrypted files.
Warren Mercer, a security researcher for Cisco Talos, said: “We are moving quickly and pulling apart as many samples as we can to understand if this is still Locky or something unique. This one we are concerned about. It’s professionally built ransomware that is going to infect tens of thousands of users. It’s definitely on the top of radar.”
The infection is by way of a malicious .zip attachment that contains a malicious “.js” JavaScript executable.
“If Zepto sticks with this attack vector it may never become a serious threat. However, it’s very likely Zepto moves into exploit kits as time goes on,” Williams said. “A move by Zepto to malvertising, for example, could get bad very fast.”
Source: Threat Post
So far the researchers have found 137,731 spam messages this week. The malware gets it name from the extension that is added to encrypted files.
Warren Mercer, a security researcher for Cisco Talos, said: “We are moving quickly and pulling apart as many samples as we can to understand if this is still Locky or something unique. This one we are concerned about. It’s professionally built ransomware that is going to infect tens of thousands of users. It’s definitely on the top of radar.”
The infection is by way of a malicious .zip attachment that contains a malicious “.js” JavaScript executable.
“If Zepto sticks with this attack vector it may never become a serious threat. However, it’s very likely Zepto moves into exploit kits as time goes on,” Williams said. “A move by Zepto to malvertising, for example, could get bad very fast.”
Source: Threat Post
Comments
