<img alt="" src="https://secure.hear8crew.com/200390.png" style="display:none;">
CMI News

Researchers Warn of Huge Increase in Zepto Ransomware

London_It_company_ransomware_zepto_increase.jpgWe have seen first-hand the pain ransomware can cause companies.  It isn’t just about the financial pain either.  When thinking about the true cost of a ransomware attack, companies must consider the time it steals from their executives, their IT department and employees. 

Ransomware locks up business-critical data and demands payment to release it.  In May 2016, security researchers at Kasperky Lab and FireEye identified ransomware as the top threat to business. It is a real and growing threat, and one businesses must take seriously—particularly now.  Security researchers have recently announced concerns that attackers are gearing up for a new ransomware campaign—Zepto.

Zepto is a variant of Locky, which was one of the most widespread ransomware attacks in early 2016, affecting organisations in over 100 countries. Now, according to Cisco’s Talos security intelligence and research group, Zepto is the imminent threat, with a huge increase in the number of spam messages sent with the Zepto ransomware in the past few weeks. In fact, Talos researchers report that a fresh Zepto spam campaign started on 27 June, with 137,731 spam messages carrying the ransomware recorded in four days.  With no known method of decrypting the information once held by Zepto, it is safe to say, this is a true threat. 

The spam messages use various subject lines, such as “document copies”, and various sender profiles, such as “CEO”, to encourage recipients to open the message and execute the malicious javascript.

The body of the emails usually just tell the recipient to look at their “requested” documentation. The name of the attached .zip file is created by combining the recipient’s name and a random number such as pdf_richard_444397.  Once the file is downloaded, the machine begins a process of encrypting the local files and then demands ransom in Bitcoin to decrypt the files.

This is not a new method of attack, but it one that is gaining ground, according to Warren Mercer, technical lead of engineering at Talos.

“The phishing/spam campaigns now generally carry a large risk of associated ransomware, and this is no different. The ability to withhold files from users is, unfortunately, becoming very normal with attacks that people are faced with every day,” he wrote in a blog post

How can you fight back?

  • Use an expert IT company to set-up systems to prevent the execution of malware
  • Use web scanning tools to block access to malware sites
  • Implement next generation firewalls to detect malicious network activity
  • Ensure you have email scanning systems designed to block malicious email campaigns

Experts say, the more proactive your business is at defending against cyber threats, the more likely you will be to stop them.  We say, there has never been a better time to get proactive.


About BTA

BTA is a full-suite Managed Service Provider, specialising in advice, planning and cyber defence strategies.  The expert IT company has over 20 years of experience, a track-record of success and a proven cyber-security team.  Offering help to in-house IT teams, and comprehensive out-sourced solutions, BTA provides free consultations to companies and organisations across the UK.  Learn more about this leading London-based IT company at www.bta.com or call 020 8875 7676 to speak to a consultant today.


Peter Filitz

Written by Peter Filitz

Peter is BTA's Sales Manager (who would prefer all meetings to be on the golf course).

Know someone who
would benefit from CMI?