ZekwaCrypt Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 40
First Seen: January 27, 2017
Last Seen: May 5, 2023
OS(es) Affected: Windows
The ZekwaCrypt Ransomware is a ransomware Trojan that has been active since May 24, 2016. The ZekwaCrypt Ransomware (also known as Win32/ZekwaCrypt.A) is considered a severe threat to computers. It is an effective encryption ransomware Trojan used against high-profile targets such as databases, large data containers, and corporate networks. However, the ZekwaCrypt Ransomware is also effective when attacking personal computers. Initially, the ZekwaCrypt Ransomware was distributed through corrupted spam email attachments that impersonated messages from social media platforms and accounting businesses. New versions of the ZekwaCrypt Ransomware were not seen for a while, but in January 2017 numerous variants started to resurface. The ZekwaCrypt Ransomware is currently distributed in the same way, but now uses more effective phishing techniques so that more victims download and open the corrupted email attachment containing the ZekwaCrypt Ransomware downloader.
Beware of Corrupted Emails that may Carry the ZekwaCrypt Ransomware
Once the victim opens the file attachment contained in the ZekwaCrypt Ransomware's phishing emails, the ZekwaCrypt Ransomware will be downloaded and installed on the victim's computer. The ZekwaCrypt Ransomware scans the infected computer's drives before encrypting files. The ZekwaCrypt Ransomware will delete any file that includes the string 'backup' or 'backups,' as well as deleting the Shadow Volume Copies that can be used to restore files. The ZekwaCrypt Ransomware will avoid encrypting files in several directories, including Windows system folders and the following:
- Borland
- Content.IE5
- Framework
- i386
- Microsoft
- Mozilla
- Temp
- Torrent
- Torrents
- Windows
The files encrypted by the ZekwaCrypt Ransomware are easy to identify because the extension '.zekwakc' is added to the end of each file's name. The ZekwaCrypt Ransomware saves a text file named 'Clog.txt' with a list of the infected files and some information about the encryption process. This file is probably used for debugging the threat. The ZekwaCrypt Ransomware delivers its ransom note in a text file named 'encrypted_readme.txt.' The ransom note demands that the victim purchase Bitcoin and transfer it to the attacker's Bitcoin wallet. Ransom amounts observed in the ZekwaCrypt Ransomware attacks range from $300 to $800 USD. PC security researchers strongly advise computer users against paying the ZekwaCrypt Ransomware ransom, regardless of the amount.
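The file indicators described above can be used to scope an incident. The following triage scan is an added example, not part of the original write-up or any vendor tool: it walks a directory tree, collects files with the '.zekwakc' extension plus the 'encrypted_readme.txt' and 'Clog.txt' artifacts, and reports the earliest modification time among encrypted files. Treating that timestamp as a rough estimate of when encryption began is an assumption, and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Indicators taken from the description above.
ENCRYPTED_EXT = ".zekwakc"
ARTIFACT_NAMES = {"encrypted_readme.txt": "ransom_note", "clog.txt": "encryption_log"}


def scan_tree(root):
    """Walk root and collect ZekwaCrypt file indicators without opening any file."""
    report = {"encrypted": [], "ransom_note": [], "encryption_log": [],
              "per_dir": Counter(), "first_encrypted_utc": None}
    earliest = None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                report["per_dir"][dirpath] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; keep scanning
                earliest = mtime if earliest is None else min(earliest, mtime)
            elif lower in ARTIFACT_NAMES:
                report[ARTIFACT_NAMES[lower]].append(path)
    if earliest is not None:
        # Assumption: mtime of the oldest encrypted file approximates onset.
        report["first_encrypted_utc"] = datetime.fromtimestamp(earliest, timezone.utc)
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files named like the artifacts described above."""
    layout = {"docs/report.docx.zekwakc": 1_485_500_000,
              "docs/budget.xlsx.zekwakc": 1_485_500_600,
              "docs/notes.txt": 1_480_000_000,
              "encrypted_readme.txt": 1_485_501_000,
              "Clog.txt": 1_485_501_000}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (mtime, mtime))
```

The per-directory counts show which shares or folders were reached, and the earliest timestamp helps pick a backup taken before the encryption started.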
Unlike many other ransomware Trojans, the ZekwaCrypt Ransomware does not need an Internet connection to carry out its attack. Most other ransomware Trojans must first establish a connection with their Command and Control servers. Although the ZekwaCrypt Ransomware is not the most sophisticated ransomware Trojan out there, there is no question that the ZekwaCrypt Ransomware and its variants pose a severe threat to the victims' data and the integrity of corporate networks and computers.
Dealing with the ZekwaCrypt Ransomware
PC security analysts strongly advise against paying the ZekwaCrypt Ransomware ransom. This is especially true because con artists will, in many cases, ignore the victims or deliver a decryption key that does not work. Even if the con artists are capable of delivering a solution, paying the ZekwaCrypt Ransomware ransom allows them to continue creating and distributing these threats, especially now that it seems that the ZekwaCrypt Ransomware's operators are expanding and trying to create new versions of the ZekwaCrypt Ransomware threat. The best protection against the ZekwaCrypt Ransomware and similar encryption ransomware Trojans is to have backups of all files. If computer users have a backup of their files, then recovery is simple, since it only involves restoring the affected files from the backup copy. Apart from file backups, however, it is also necessary to prevent the ZekwaCrypt Ransomware from entering a computer in the first place. Two things can help with this:
- Computer users are strongly urged to install a reliable security program that is fully up-to-date, which will stop these threats from carrying out their attacks. An anti-spam filter also should stop these emails from arriving in your inbox in the first place.
- Caution should be taken when handling any email attachment, even from known sources (which may have been compromised).