
ZekwaCrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 40
First Seen: January 27, 2017
Last Seen: May 5, 2023
OS(es) Affected: Windows

The ZekwaCrypt Ransomware is a ransomware Trojan that has been active since May 24, 2016. The ZekwaCrypt Ransomware (also known as Win32/ZekwaCrypt.A) is considered a severe threat to computers. It is an effective encryption ransomware Trojan aimed at high-profile targets such as databases, large data containers, and corporate networks. However, the ZekwaCrypt Ransomware is also effective when attacking personal computers. Initially, the ZekwaCrypt Ransomware was distributed through corrupted spam email attachments that impersonated messages from social media platforms and accounting businesses. New versions of the ZekwaCrypt Ransomware were not seen for a while, but in January 2017 numerous variants of the ZekwaCrypt Ransomware started to resurface. The ZekwaCrypt Ransomware is currently distributed in the same way, but it has also integrated more effective phishing techniques to ensure that more victims download and open the corrupted email attachment containing the ZekwaCrypt Ransomware downloader.

Beware of Corrupted Emails that may Carry the ZekwaCrypt Ransomware

Once the victim opens the file attachment contained in the ZekwaCrypt Ransomware's phishing emails, the ZekwaCrypt Ransomware will be downloaded and installed on the victim's computer. The ZekwaCrypt Ransomware scans the infected computer's drives before encrypting files. The ZekwaCrypt Ransomware will delete any file that includes the string 'backup' or 'backups,' as well as deleting the Shadow Volume Copies that can be used to restore files. The ZekwaCrypt Ransomware will avoid encrypting files in several directories, including Windows system folders and the following:

  • Borland
  • Content.IE5
  • Framework
  • i386
  • Microsoft
  • Mozilla
  • Temp
  • Torrent
  • Torrents
  • Windows

The files encrypted by the ZekwaCrypt Ransomware are easy to identify because the extension '.zekwakc' is added to the end of each file's name. The ZekwaCrypt Ransomware saves a text file named 'Clog.txt' with a list of the infected files and some information about the encryption process. This file is probably used for debugging the threat. The ZekwaCrypt Ransomware delivers its ransom note in a text file named 'encrypted_readme.txt'. The ransom note demands that the victim purchase Bitcoins and transfer them to the attacker's Bitcoin wallet. Prices that have been observed in the ZekwaCrypt Ransomware attacks range from $300 to $800 USD. PC security researchers strongly advise computer users against paying the ZekwaCrypt Ransomware ransom, regardless of the amount.
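The file-system artifacts named above can be checked for directly during triage. The following Python scan is an added example, not code from the original article or from any vendor tool; the function names `scan` and `summarize` and the 'likely'/'possible'/'none' verdict labels are assumptions chosen for illustration.

```python
"""Triage scan for the file-system artifacts this page attributes to ZekwaCrypt."""
import os
import sys
from collections import Counter

ENCRYPTED_EXT = ".zekwakc"            # extension appended to encrypted files (from the page)
RANSOM_NOTE = "encrypted_readme.txt"  # ransom note file name (from the page)
FILE_LOG = "clog.txt"                 # 'Clog.txt' list of affected files (from the page)


def scan(root):
    """Walk root and collect paths matching the three indicators, case-insensitively."""
    hits = {"encrypted": [], "ransom_note": [], "file_log": []}
    # onerror swallows unreadable directories so one ACL failure does not end the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
            elif lower == RANSOM_NOTE:
                hits["ransom_note"].append(path)
            elif lower == FILE_LOG:
                hits["file_log"].append(path)
    return hits


def summarize(hits):
    """Return (verdict, per-directory counts of encrypted files) for triage."""
    per_dir = Counter(os.path.dirname(p) for p in hits["encrypted"])
    if hits["encrypted"] and (hits["ransom_note"] or hits["file_log"]):
        verdict = "likely"    # renamed files plus a dropped text artifact
    elif any(hits.values()):
        verdict = "possible"  # a single indicator; a file name alone is weak evidence
    else:
        verdict = "none"
    return verdict, dict(per_dir)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = scan(root)
    verdict, per_dir = summarize(found)
    print(f"verdict: {verdict}")
    for directory, count in sorted(per_dir.items(), key=lambda kv: -kv[1]):
        print(f"{count:6d} encrypted file(s) in {directory}")
    for kind in ("ransom_note", "file_log"):
        for path in found[kind]:
            print(f"{kind}: {path}")
```

The per-directory counts show which shares or folders were reached, which helps scope what has to be restored from backup.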

Unlike many other ransomware Trojans, the ZekwaCrypt Ransomware does not need an Internet connection to carry out its attack. Most other ransomware Trojans must first establish a connection with their Command and Control servers. Although the ZekwaCrypt Ransomware is not the most sophisticated ransomware Trojan out there, there is no question that the ZekwaCrypt Ransomware and its variants pose a severe threat to the victims' data and the integrity of corporate networks and computers.

Dealing with the ZekwaCrypt Ransomware

PC security analysts strongly advise against paying the ZekwaCrypt Ransomware ransom. This is especially true because con artists will, in many cases, ignore the victims or deliver a decryption key that does not work. Even if the con artists are capable of delivering a solution, paying the ZekwaCrypt Ransomware ransom allows them to continue creating and distributing these threats, especially now that it seems that the ZekwaCrypt Ransomware's operators are expanding and trying to create new versions of the ZekwaCrypt Ransomware threat. The best protection against the ZekwaCrypt Ransomware and similar encryption ransomware Trojans is to have backups of all files. If computer users have a backup of their files, then recovery is simple since it only involves restoring the affected files from the backup copy. Apart from file backups, however, it is also necessary to prevent the ZekwaCrypt Ransomware from entering a computer in the first place. Two things can help with this:

  1. Computer users are strongly urged to install a reliable security program that is fully up-to-date, which will stop these threats from carrying out their attacks. An anti-spam filter also should stop these emails from arriving in your inbox in the first place.
  2. Caution should be taken when handling any email attachment, even from known sources (which may have been compromised).
