Ransomware spreads via removable drives

Zcryptor is a new type of ransomware that unlike it's predecessors exhibits worm-like behavior. This ransomware leverages removable and network drives to propagate itself and affect more users.  Zcryptor is distributed through spam email. It can also be installed on your machine through other malware, or fake installers such as (Flash Player setup). To make matters worse, ZCryptor drops an autorun.inf file on removable drives, which allows it to infect any computer these drives are plugged into. Microsoft researchers explain that the malware also leverages network drives to propagate itself, and that it drops copies of itself in different locations and changes the file attributes to hide itself from the user in file explorer.

Zcryptor will display the following ransom note to it's victoms

At this time, there is no known way for users affected by ZCryptor to recover their encrypted files for free, unless they have a secure backup of their data on hand.


Help stay protected:

  • Keep your Windows Operating System and antivirus up-to-date.  Upgrade to Windows 10.
  • Back-up your files to an offsite backup service.
  • Enable file history or system protection. In your Windows 10 or Windows 8.1 devices, you must have your file history enabled and you have to setup a drive for file history.
  • Beware of phishing emails, spams, and clicking malicious attachment.
  • Use web filtering protection. It will prevent you from browsing sites that are known to be hosting exploits, and protect you from socially-engineered attacks such as phishing and malware downloads.
  • Disable the loading of macros in your Office programs.
  • Disable your Remote Desktop feature whenever possible.
  • Use two factor authentication.
  • Use a safe internet connection.
  • Avoid browsing web sites that are known for being malware breeding grounds (illegal download sites, porn sites, etc.).


What to do if you're hit with ransomware?

Unfortunately, if you haven't backed up your files offsite, there's nothing much you can do, except pay the ransom. Of course, by paying the ransom there is no guarantee you'll get your data back. Plus, paying the ransom only empowers the perpetrators and opens the door for future malware attacks. So what's the best course of action? Stop the attack from happening in the first place. Make sure you have good off site backups.