Skip to main content

Emails With Zepto Ransomware On The Rise

By July 15, 2016May 25th, 2021Blog, Cybersecurity

EmailsXWithXZeptoXRansomwareXOnXTheXRiseSecurity researchers from Cisco’s Talos Group have discovered a huge and disturbing spike in spam emails containing a widely used ransomware called Zepto. In fact, the team has uncovered 137,731 such emails over just a four-day period, containing more than three thousand unique samples.

These emails use simple social engineering tricks to give them a greater sense of legitimacy, often addressing recipients by name, and offering files couched in language like, “here’s the document you have requested.”

Of course, when the file that has been “requested” is clicked on, the ransomware installs via a malicious JavaScript, which encrypts all the files on the machine the user is currently logged onto. These files are appended with the .zepto extension, and cannot be unlocked until and unless the user agrees to pay the fee. The instructions are displayed on the screen once the encryption has been completed.

Zepto is a variant of the infamous “Locky” ransomware, which continues to spawn a growing number of variants, each increasing in their sophistication over the last. The cumulative impact of these kinds of attacks are having a devastating effect on people, both at the individual and Enterprise level.

Unfortunately, the Talos Group’s findings aren’t isolated. Security firm FireEye has also reported on the sharp spike in Locky spam (and related variants like Zepto), which has so far impacted a broad swath of users in more than fifty countries.

All of this points to the urgent need to bolster Enterprise security, including additional employee training, especially as it relates to emails and the proper handling of email attachments. In short, if you receive an email from someone you don’t know, and don’t specifically recall requesting information, don’t click on, or attempt to open any files that email might contain.

Even if you did request information from a specific user, it pays to take the extra step of contacting them via some other channel (a phone call, for instance) and verify that they actually sent you the file in question.

One thing we know for certain – this problem will undoubtedly worsen before we see any significant improvement.

Chris Forte

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.

Leave a Reply