Zorro Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 4 |
| First Seen: | March 27, 2017 |
| Last Seen: | January 8, 2020 |
| OS(es) Affected: | Windows |
The Zorro Ransomware is a ransomware Trojan that is used to force computer users to pay ransoms after taking its victim's files hostage. The Zorro Ransomware was first observed on March 24, 2017, and is being distributed through spam email attachments probably. The Zorro Ransomware is designed to infect computers using the Windows operating system and may be installed through the use of corrupted macro scripts contained in corrupted Microsoft Word or PDF files. PC security researchers consider that the Zorro Ransomware represents a real threat to the computer users' data. Because of this, they should take precautions to limit the damage these threat infections can cause to their computers.
Table of Contents
How the Zorro Ransomware Carries out Its Attack
The Zorro Ransomware infection follows a pattern similar to most encryption ransomware Trojans. The Zorro Ransomware enters a computer automatically, scans all drives for certain file types, and then encodes these files using a strong encryption algorithm consisting of a combination of the RSA and AES encryptions. The Zorro Ransomware will target the files located in all local drives, including network storage and external memory devices connected to the infected machine. The Zorro Ransomware will avoid directories that include Windows, AppData, Program Files, Program Files (x86). Temp, ProgramData, and System Volume Information to ensure that the Zorro Ransomware attack does not stop Windows from working. This is because the Zorro Ransomware requires Windows to remain operational so that it can demand a ransom payment from the victim.
What Happens After the Zorro Ransomware Encrypts Its Victims’ Files?
The Zorro Ransomware marks all encrypted files with the extension '.zorro,' which is added to the end of each affected file's name. After encrypting the victim's files, the Zorro Ransomware delivers its ransom note. To do this, the Zorro Ransomware will drop a text file on the infected computer's desktop. This file, named 'Take_Seriously (Your saving grace).txt,' will demand the payment of 1 BitCoin (approx. $1000 USD at the current exchange rate) and include information on how to carry out the payment and contact the con artists. Below is the text of the Zorro Ransomware's ransom note:
'IMPORTANT NOTICE THAT IS URGENT AND TRUE
=======================================
DEAR Sir/Ma,
Sorry to inform you but your files has just been encrypted with a strong key. This simply mean that you will not be able to use your files until it is decrypted by the same key used in encrypting it. To get the Key, you have to make a payment to us so as to recover your files. You have the grace of 3 days from now to pay the sum of 1 BTC to the bitcoin address below:
BITCOIN ADDRESS:=>> 19DbpPPahyjVupryKZerpWZ2LG57JqYcgC
Today has just begun the count-down of the payment before your files become unstable and entirely useless. So, my advice to you is to pay up the amount to the bitcoin address above. Pay 1 BTC.
NOTE:
====
Bitcoin doesn't need a bank account - your bitcoin wallet is your bank account, and you don't need any permissions or paperwork to start using bitcoin. GOTO http://localbitcoins.com/ to change cash to bitcoins and vice versa, you don't need any kind of bank account at all.
When payment is made, a decrypting software with the embedded strong key used in encrypting your files will be emailed to you to decrypt your files and start using it again.
ONCE PAYMENT IS MADE THE DECRYPTION PROGRAM WILL BE EMAILED TO YOU SO YOU CAN USE YOUR FILES ONCE AGAIN.'
Dealing with the Zorro Ransomware Infection
Malware analysts do not advise computer users to pay the Zorro Ransomware ransom or to contact the people responsible for the attack. Instead, computer users are advised to take preemptive measures by creating file backups of all important files. Having backups allows computer users to disregard the Zorro Ransomware's ransom note completely, and instead, restore the affected files from the backup copy. The Zorro Ransomware infection itself can be removed with the help of a reliable security program that is fully up-to-date.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.