There is a now form of Bitcoin ransomware on the block, going by the name of Zepto. At its core, this is a different variant of the Locky malware, which has been making the rounds for quite some time now. Security researchers detected a spike in the distribution of this new ransomware. As one would expect, Internet criminals are using spam emails to distribute this payload.
Bitcoin ransomware has proven to be a very lucrative business, assuming one can distribute the malware on a large scale. Spam emails are a preferred method of distribution, as it allows criminals to reach a lot of potential targets with little effort. Security researchers detected a spike in Zepto distribution as of June 27.
Zepto Ransomware Arrives On The Scene
What makes Zepto so interesting is how it is sharing similarities with Locky. This latter malware has been causing a lot of headaches for individuals and enterprises around the world. While there are obvious similarities between the two strains, there is something different about Zepto. Security researchers are trying to figure out how to classify this new type of malware.
On June 27, over 137,000 spam messages were sent out, all of which contain the Zepto payload. Malicious attachments in emails are an effective manner to distribute malicious code. Even though there have been plenty of warnings regarding downloading email attachments, the potential for infection remains very high.
Specific aspects of this ransomware make it appear very similar to Locky. Both types use the same type of RSA encryption keys, they leave similar file types behind, and the ransom text is nearly identical. Despite these similarities, the new kind of ransomware is far from ineffective, though.
Cisco Talos Sr Technical Leader Craig Williams explained the threat as follows:
“If Zepto sticks with this attack vector it may never become a serious threat. However, it’s very likely Zepto moves into exploit kits as time goes on. A move by Zepto to malvertising, for example, could get bad very fast. “
Ransomware developers have stepped up their game in recent months, by continuously improving their malicious software. Security researchers are concerned Zepto has the potential to infect thousands of users in the coming weeks. So far, over 3,300 unique samples of the malware have been identified, which is a rather staggering number.
What are your thoughts on yet another new form of ransomware? Let us know in the comments below!
Source: Cisco Talos
Images courtesy of Shutterstock, Cisco TalosShow comments