ZaLtOn Ransomware

Have you noticed that your files have a new .ZaLtOn file extension? If so, then your computer has likely been infected by the ZaLtOn Ransomware – a recently released variant of the notorious Xorist ransomware family.

What is ZaLtOn Ransomware?

The ZaLtOn ransomware is a malicious file-locking cryptovirus. Once the virus enters your computer, it gets to work immediately. It scans for productivity documents and personal files, including spreadsheets, databases, Excel files, audio, images, and videos. When it finds these files, the virus applies a robust cryptographic algorithm to make them inaccessible. Once a file has been encrypted, the user can no longer open it at all.

Once the files have been locked, the virus creates a ransom message called "HOW TO DECRYPT FILES" that explains the situation to victims. The note states that the computer is infected and that the only way to get your data back to normal is to pay a bitcoin fee to the attackers.

In your attention!!!
Hello, your server is very vulnerable, that’s why you became a victim of ransomware
All your files are currently encrypted
However, there is also good news, the files can be decrypted if you pay 0.11 bitcoin.
All you have to do is follow the steps below.
Buy 0.11 bitcoin, you can easily buy bitcoin from this sites:
www.localbitcoins.com
www.paxful.com
Send the amount to this wallet: 17cvUD9uzYk3fsCZzGyKNZ3aSgnoSKU3X7
After sending, contact us at this email address: zalton@tuta.io
With this subject: –
ATTENTION!! we do not receive emails sent from gmail accounts
Immediately after this you will receive an email with the keys and a small tutorial for decrypting the files.
Here’s another list of where to buy bitcoin:
hxxps://bitcoin.org/en/exchanges
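
To scope an infection from the two indicators described above (the .ZaLtOn extension and the "HOW TO DECRYPT FILES" note), the following triage script is an added example, not code from the original page. It reads only file names and metadata; the assumptions are that the note may carry any file extension and that the oldest modification time among locked files roughly marks when encryption began.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

LOCKED_EXT = ".zalton"              # extension from this page, matched case-insensitively
NOTE_STEM = "how to decrypt files"  # note name from this page; any extension accepted (assumption)


def triage(root):
    """Summarise ZaLtOn indicators under root using file names and metadata only."""
    locked_per_dir, notes, earliest = Counter(), [], None
    for dirpath, _dirs, files in os.walk(root):  # unreadable folders are skipped by os.walk
        for name in files:
            path = Path(dirpath, name)
            if path.stem.lower() == NOTE_STEM:
                notes.append(os.path.relpath(path, root))
            elif path.suffix.lower() == LOCKED_EXT:
                locked_per_dir[os.path.relpath(dirpath, root)] += 1
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # counted, but no timestamp available
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "locked_total": sum(locked_per_dir.values()),
        "locked_per_dir": dict(locked_per_dir),
        "notes": sorted(notes),
        # Oldest mtime among locked files: a rough hint at when encryption began.
        "earliest_locked_utc": None if earliest is None else
            datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat(),
    }


def demo():
    """Run triage() over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, pics = Path(tmp, "docs"), Path(tmp, "pics")
        docs.mkdir()
        pics.mkdir()
        for p in (docs / "budget.xlsx.ZaLtOn", docs / "notes.docx.zalton",
                  pics / "cat.jpg.ZaLtOn", pics / "untouched.png",
                  docs / "HOW TO DECRYPT FILES.txt"):
            p.write_bytes(b"constructed sample")
        os.utime(docs / "budget.xlsx.ZaLtOn", (1_600_000_000, 1_600_000_000))
        return triage(tmp)


if __name__ == "__main__":
    print(demo())
```

The per-folder counts show which directories need restoring from backup, and the earliest timestamp helps pick a backup taken before encryption started.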

Should I Pay the Ransom?

When faced with such a threat, it’s only natural that a person’s first instinct would be to make the payment. If paying someone could solve all the problems, then why not take the path of least resistance? However, security experts always recommend against doing this. They say you should never pay the attackers.

The truth is that there is no guarantee that the attackers will give you the tools you pay for. There are many cases of the attackers disappearing once they get your money. Even if they do deliver a decryption key or tool, there is no guarantee they will work. It would be best not to contact the attackers and instead focus on trying to restore your files yourself.

How to Restore Files Affected by ZaLtOn

The problem with ransomware like this is that it makes it difficult to restore your files. One thing that ransomware does is destroy the Shadow Volume copies of data. These are copies of data that your computer uses for System Restore and other recovery options. While you can use internal data recovery options or data recovery software, there’s no guarantee that those methods will work.

The easiest way to get your files back after they have been corrupted is to use an external backup. The more data backups you have, the better. It’s worth your time to have one physical backup and one cloud backup at the very least. This way, you’ll be covered in the event of data loss.

A word of warning, however: make sure that you remove the ZaLtOn ransomware from your computer before connecting an external device or restoring from the cloud. There is a possibility the virus will infect your external device or re-infect your files when you transfer them. The last thing you want is to have your data encrypted again so quickly.

How to Protect Against Ransomware Attacks

Knowing how to protect against ransomware starts with knowing how attacks happen. The most common infection method for ransomware is through spam emails. People receive emails written as if they come from a legitimate source, often a shipping company like FedEx. The message demands attention and has either a link or an attached file. The message urges users to access these attachments. Accessing the attachment infects your computer, so ignore any spam emails and unsolicited emails you receive. If you don’t know who sent the email, it’s safe to assume it’s malicious.

Avoid using illegal downloads and illegal software activation tools. Many of these tools are malware in disguise. Attackers know that people download illegal software all the time, and they take advantage of that. They bundle their malware in with the software packages or upload malware under the name of official software. When you pay for software, not only are you supporting the developers, but you are also ensuring you get an official clean version of the product.

Be wary when downloading from third-party freeware and download sites. As with illegitimate software, hackers like to publish malware to freeware sites disguised as legitimate programs. Freeware is a beautiful tool, but check the reviews of a program and confirm that it is what you think it is before downloading.
