Slashdot Mirror


Microsoft Warns of ZCryptor Ransomware With Self-Propagation Features (softpedia.com)

An anonymous reader writes from a report issued by Softpedia on May 27: Microsoft and several other security researchers have detected the first ransomware versions that appear to have self-propagation features, being able to spread to other machines on their own by copying themselves to shared network drives or portable storage devices automatically. Called ZCryptor, this ransomware seems to enjoy quite the attention from crooks, who are actively distributing it today via Flash malvertising and booby-trapped Office files that infect the victim if he enables macro support when opening the file. This just seems to be the latest addition to the ransomware family, one which recently received the ability to launch DDoS attacks while locking the user's computer.


  1. Microsoft would know by Anonymous Coward · · Score: 4, Funny

    They're the king of ransomware, forcing Windows 10 installations.

  2. Ahhhh by Adambomb · · Score: 2, Funny

    Good old retro boot sector viruses.

    --
    Ice Cream has no bones.
  3. I heard by Anonymous Coward · · Score: 1, Funny

    It disguises itself as the Windows 10 upgrade notification.

    1. Re: I heard by cbiltcliffe · · Score: 3, Funny

      Angry much?

      Of course he is. He got force upgraded to Windows 10.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  4. BREAKING NEWS by Anonymous Coward · · Score: 2, Funny

    BREAKING NEWS: Microsoft warns about a new self-installing malware called "Windows 10"

  5. Re:maybe its time to put msoffice into a VM? by Anonymous Coward · · Score: 2, Funny

    How does this help, if the malware spreads via network shares? If the Office has access to the shares, which is quite handy for editing files in them, it is also possible for it to spread the malware.

  6. Re:Pray to whatever god you worship by Anonymous Coward · · Score: 2, Funny

    There is an additional step you want to consider in an enterprise. Notice from the write-up that this one adds itself to the RUN key to ensure persistence. Most malware / crapware that isn't rootkit style does this. The key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" should be set to require administrator access to change. That simple change prevents this from getting persistence (and, depending on how the author wrote it, may cause it to fail to encrypt - as you notice the writeup says that setting this key is the first thing it does).
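
One way to audit and apply the Run-key lockdown described in the comment above, as an added example that is not part of the original thread or of Microsoft's write-up. The function name `Get-RunKeyWriters` and its `-Harden` switch are assumptions of this sketch; it uses only `Get-Acl`/`Set-Acl` and the .NET `RegistrySecurity` classes.

```powershell
# Added example. Run from an elevated prompt. HKCU: is the hive of the account
# running the script; for another user pass
# 'Registry::HKEY_USERS\<user SID>\Software\Microsoft\Windows\CurrentVersion\Run'.
function Get-RunKeyWriters {
    param(
        [string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [switch]$Harden   # hypothetical switch: apply the lockdown, not just report
    )
    $trusted = 'S-1-5-32-544', 'S-1-5-18'   # BUILTIN\Administrators, NT AUTHORITY\SYSTEM
    # Rights that let a principal add a Run value or undo the lockdown afterwards
    $write = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $sidType = [System.Security.Principal.SecurityIdentifier]

    $acl   = Get-Acl -Path $Path
    $owner = $acl.GetOwner($sidType).Value
    # Allow rules (explicit or inherited) that give write access to anyone untrusted
    $risky = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.RegistryRights -band $write) -and
        $_.IdentityReference.Value -notin $trusted
    })
    $riskySids = @($risky | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)

    # Report the state found before any change is made
    [pscustomobject]@{
        Path         = $Path
        Owner        = $owner
        OwnerTrusted = $owner -in $trusted   # an owner can always rewrite the DACL
        WritableBy   = $riskySids
    }

    if ($Harden) {
        $admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
        $acl.SetOwner($admins)
        $acl.SetAccessRuleProtection($true, $true)   # stop inheriting, keep rules as explicit copies
        Set-Acl -Path $Path -AclObject $acl
        $acl = Get-Acl -Path $Path                   # reload: rules are now explicit
        foreach ($value in $riskySids) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier $value
            $acl.PurgeAccessRules($sid)              # drop the write-capable grant
            $readOnly = New-Object System.Security.AccessControl.RegistryAccessRule(
                $sid, 'ReadKey', 'ContainerInherit', 'None', 'Allow')
            $acl.AddAccessRule($readOnly)            # keep read access so logon still processes the key
        }
        Set-Acl -Path $Path -AclObject $acl
    }
}
```

After `-Harden`, a second run should report `OwnerTrusted` as true and an empty `WritableBy`; software running as the user, including legitimate installers, will then fail to add Run entries under that key.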