RANSOMWARE ALERT: New Locky Strain — 'Zepto'

Earlier this year we reported a new, fast-moving, and highly destructive ransomware virus named "Locky", which has been surprisingly dormant for the past few months. While cybersecurity experts have been busy protecting businesses against a huge volume of other viruses and scams, such as "Jigsaw", "Amazon Ransomware", and the "Ethical Conduct Complaint Scam", the developers of Locky have used this time to develop even stronger and more creative malicious code.

The New Locky

The newest variant of Locky ransomware, nicknamed 'Zepto', deploys faster, is harder to detect, and contains more complex code. This advanced version was first seen around June 28th, and was disseminated to over 100,000 people in less than 4 days. And it shows no signs of stopping. Zepto is distributed by an email that is meant to look like it is coming from someone within the target user’s organization, typically a high level executive. By mimicking a CEO or CFO, the cybercriminals are drastically increasing the odds that an employee will open the file — despite the email being out of place or arriving unexpectedly.

The emails typically look similar to the one below:

Dear [your name],

Attached is the document that you requested.

Thank you,

[CEO signature]

Zepto’s Costly Impact

This new Locky variant is written in JavaScript, so when a victim opens the attachment Zepto can deploy immediately. Zepto encrypts files, pictures, documents, local drives, and anything connected to the network. Unfortunately, this means that if one employee is connected to the network and opens the infected file, Zepto can spread to the entire organization and lock away all of the data on any networked device until the ransom is paid.

The criminals behind Zepto demand payment of anywhere from several hundred dollars to hundreds of thousands of dollars in order to remove the code and unlock the data. While anyone who has been a victim of ransomware is urged to contact the authorities, it is unlikely that users, authorities, or even cyber-security experts will be able to recover the data. At this time, the only way to recover the data appears to be paying the ransom. Of course, prevention is better than paying a ransom or losing data.

Proactive Measures Are the Best Defense Against Malware

  1. Educate your employees to recognize risky or dangerous emails as the first line of defense. If an employee receives a questionable email, they should contact Hilltop Consultants immediately to determine whether or not it is malicious.
  2. Protect your users from going to risky or potentially harmful sites. Software such as OpenDNS can warn users if they are clicking on links that could potentially take them to a site that is determined to be risky or unauthorized.
  3. Make sure you have secure backups in place. Using a powerful backup solution like Datto for your company’s servers and other essential data stores provides local and cloud backups of your servers and can safeguard your data should your system become infected or compromised.
  4. Guard your inbox. Reflexion recognizes current threats, flags potential threats, and blocks viruses in real time.
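As an added illustration of the lure described above (a JavaScript attachment sent under a spoofed executive's name), here is a small mail-triage check of the kind a gateway or SOC could run before a message reaches an inbox; it is example code written for this post, not Hilltop Consultants' or Reflexion's, and the sample message, internal domain, executive list and script-extension list are constructed assumptions.

```python
import email
import os.path
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the lure described above (executive display name,
# external sender address, JavaScript attachment). Not a real captured message.
RAW_LURE = b"""From: "Jane Doe, CEO" <jane.doe@example-lookalike.test>
To: employee@example.test
Subject: Document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Attached is the document that you requested.

--B
Content-Type: application/octet-stream; name="document_8421.docx.js"
Content-Disposition: attachment; filename="document_8421.docx.js"
Content-Transfer-Encoding: base64

dmFyIHggPSAxOw==
--B--
"""

INTERNAL_DOMAIN = "example.test"            # assumption: your own mail domain
EXECUTIVES = {"jane doe"}                    # assumption: display names to protect
SCRIPT_SUFFIXES = {".js", ".jse", ".wsf", ".vbs", ".hta"}  # assumption: script lures


def triage(raw: bytes) -> dict:
    """Return a quarantine decision plus human-readable reasons for one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []

    # 1. Script attachments: test the *last* suffix so "report.docx.js" is caught.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name.lower())[1] in SCRIPT_SUFFIXES:
            reasons.append(f"script attachment: {name}")

    # 2. Executive impersonation: a protected display name on an external address.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN and any(n in display.lower() for n in EXECUTIVES):
        reasons.append(f"display name {display!r} but external sender {addr}")

    return {"quarantine": bool(reasons), "reasons": reasons}
```

Either finding alone is enough to hold the message for review; together they match the pattern of the Zepto lure exactly.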
If you have been a victim of a ransomware attack and/or would like to learn how to protect your network and your data, please contact a Hilltop Consultants' Cyber Security specialist today!