Zepto Ransomware a Variation of Locky
Posted by: Timothy Weaver on 07/02/2016 11:24 AM
Researchers are watching a new variation of Locky called Zepto that is making its debut through spam emails carrying Zepto-laced attachments.
Craig Williams, a senior technical leader and global outreach manager at Cisco Talos, said: “We are watching Zepto very carefully. It’s closely tied to Locky, sharing many of the same attributes. There is still a lot to learn about Zepto. As far as we can tell, it’s either a new variant of Locky or an entirely new ransomware with many copycat Locky features.”
So far the researchers have found 137,731 spam messages this week. The malware gets its name from the extension that is added to encrypted files.
Warren Mercer, a security researcher for Cisco Talos, said: “We are moving quickly and pulling apart as many samples as we can to understand if this is still Locky or something unique. This one we are concerned about. It’s professionally built ransomware that is going to infect tens of thousands of users. It’s definitely on the top of radar.”
The infection is by way of a malicious .zip attachment that contains a malicious “.js” JavaScript executable.
“If Zepto sticks with this attack vector it may never become a serious threat. However, it’s very likely Zepto moves into exploit kits as time goes on,” Williams said. “A move by Zepto to malvertising, for example, could get bad very fast.”
Source: Threat Post
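A defensive check for the delivery method described above, as an added example that is not part of the original article: it flags .zip attachments that contain script files, including inside nested archives. The extensions beyond .js, the depth and size limits, and all function names are assumptions.

```python
import io
import posixpath
import zipfile

# ".js" is the type named in the article; the other Windows Script Host
# extensions are an assumed widening of the same check.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe"}
MAX_DEPTH = 3                  # assumed limit on nested archives
MAX_NESTED_BYTES = 10 * 2**20  # assumed cap before unpacking an inner zip


def script_members(data, depth=0, prefix=""):
    """Return paths of script files inside a zip, following nested zips."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "a.js." runs as "a.js".
            ext = posixpath.splitext(info.filename.lower().rstrip(". "))[1]
            path = prefix + info.filename
            if ext in SCRIPT_EXTS:
                hits.append(path)
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES
                  and not info.flag_bits & 0x1):  # skip encrypted members
                hits += script_members(archive.read(info), depth + 1, path + "!")
    return hits


def should_quarantine(attachment_name, data):
    """Gateway decision for one attachment: hold zips that carry scripts."""
    if not attachment_name.lower().endswith(".zip"):
        return False, []
    hits = script_members(data)
    return bool(hits), hits


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Encrypted inner archives are skipped rather than opened, so a gateway using this check would need a separate policy for password-protected zips.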