Zepto ransomware spam campaign surges with over 130,000 emails in 4 days

July 2, 2016 | Bitcoin Business

Zepto ransomware is a fairly new strain of malware that has recently undergone a notable spike in malicious activity. Security researchers note that the ransomware spam campaign, which has several similarities to Locky, has surged, distributing over 130,000 spam emails with malicious attachments in a little under four days.

Researchers at security firm Cisco Talos observed that the ransomware spam campaign began using a new naming convention ("swift [XXX|XXXX].js") on 27 June. Researchers also uncovered 3,305 unique JavaScript samples following the new naming convention, which used a compressed .zip file. The firm detected around 4,000 emails, and the volume then began escalating over the following few days.

Cisco Talos security researcher Warren Mercer said in a company blog: "The body of the emails were generally urging the user to look at their 'requested' documentation. The name of the attached .zip file is created by combining the username in the ‘To’ email address header, an underscore, plus a random number."
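A mail-gateway check for the two naming traits described above, as an added example that is not from the article or from Cisco Talos. It assumes each X in the .js name is a single alphanumeric character and that the "random number" is a run of digits; the function names, addresses and sample archive are constructed for illustration.

```python
import io
import re
import zipfile
from email.utils import parseaddr

# Assumption: each X in "swift [XXX|XXXX].js" is one alphanumeric character.
JS_NAME = re.compile(r"swift [0-9a-z]{3,4}\.js", re.IGNORECASE)


def zip_name_matches_recipient(to_header, attachment_name):
    """True if the attachment is named <To local part>_<digits>.zip."""
    _, addr = parseaddr(to_header)
    local = addr.partition("@")[0]
    if not local:
        return False
    pattern = re.escape(local) + r"_\d+\.zip"
    return re.fullmatch(pattern, attachment_name, re.IGNORECASE) is not None


def swift_js_members(zip_bytes):
    """List archive members whose base name follows the swift naming pattern."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return []  # not a readable archive; leave it to other gateway checks
    return [n for n in names if JS_NAME.fullmatch(n.rsplit("/", 1)[-1])]


def score_attachment(to_header, attachment_name, zip_bytes):
    """Return the list of campaign naming traits this attachment shows."""
    traits = []
    if zip_name_matches_recipient(to_header, attachment_name):
        traits.append("zip-named-after-recipient")
    if swift_js_members(zip_bytes):
        traits.append("swift-js-inside-zip")
    return traits


def build_sample_zip(member_name):
    """Constructed sample: a zip holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member_name, "// constructed placeholder, not malware\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip("swift a1f.js")
    print(score_attachment("Alice <alice@example.com>", "alice_48213.zip", sample))
```

Either trait alone is weak evidence; a message showing both is a reasonable candidate for quarantine and analyst review.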

Researchers also pointed out that the email body had been designed specifically to include common salutations like "Dear" and "Hello". However, the body of the emails underwent a few customised changes through the timeline of the attacks and varied between using subject headers like "report", "new invoice", "financial report", "documents copy" and others.

Zepto ransomware also shares several technical similarities with the Locky ransomware: both use similar RSA encryption keys, use the same types of files to infect systems and have similarities in the ransom text delivered to victims.

Mercer told SCMagazine that the ransomware "specifically attempts to hold the end user at ransom […]
