Zelta Free Ransomware Description
The Zelta Free Ransomware is an encryption ransomware Trojan first observed in May 2017. The Zelta Free Ransomware is being offered on the Dark Web and is currently distributed through corrupted spam email attachments. These email messages include file attachments containing macros that download and install the Zelta Free Ransomware on the victim's computer.
How the Zelta Free Ransomware Attack is Carried Out
Macro scripts are known vulnerabilities in the Windows operating system that have been exploited by con artists numerous times before. Victims may be greeted by a UAC (User Account Control) alert before the Zelta Free Ransomware is installed. When the victim allows the Zelta Free Ransomware to run, it is installed in the infected computer's Temp directory and carries out its attack right away. The Zelta Free Ransomware does not seem to have the advanced obfuscation features seen in other, more sophisticated ransomware attacks. However, the Zelta Free Ransomware's main attack, which involves encrypting the victim's files to demand a ransom payment, is effective.
A Brief Explanation of the Zelta Free Ransomware Attack
In its attack, the Zelta Free Ransomware targets more than 200 different file extensions. It searches for files with certain file extensions and then encrypts them using a strong encryption algorithm. Files encrypted in the Zelta Free Ransomware attack have the file extension '.locked' appended to the end of each file's name. The following are the file types targeted in the Zelta Free Ransomware infection:
.001, .001, .3fr, .7z, .accdb, .ai, .aiml, .ani, .apk, .arch00, .arw, .asset, .au3, .avi, .bak, .bar, .bay, .bc6, .bc7, .big, .bik, .bkf, .bkp, .blob, .bmp, .bsa, .c, .cas, .cdr, .cdr, .cer, .cfr, .cpp, .cr2, .crt, .crw, .css, .csv, .d3dbsp, .das, .DayZProfile, .dazip, .db0, .dbfv, .dcr, .der, .desc, .dmg, .dmp, .dng, .doc, .docx, .docm, .dwg, .dxg, .epk, .eps, .erf, .esm, .ff, .flv, .forge, .fos, .fpk, .fsh, .gdb, .gho, .gif, .hkdb, .hplg, .html, .hvpl, .ibank, .ico, .indd, .itl, .itdb, .icxs, .itm, .iwd, .iwi, .jpg, .jpeg, .js, .kdb, .kdc, .kf, .layout, .lbf, .litemod, .lrf, .ltx, .lvl, .m2, .m3u, .m4a, .map, .mcgame, .mcmeta, .mdb, .mdbackup, .mddata, .mdf, .mef, .menu, .mlx, .mov, .mp3, .mp4, .mpqge, .mrwref, .ncf, .nrw, .ntl, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pak, .pas, .pc, .pdd, .psd, .pdf, .pef, .pem, .pfx, .php, .pkpass, .png, .ppt, .pptx, .pptm, .ppsx, .pps, .ps, .psk, .pst, .ptx, .py, .qdf, .qic, .r3d, .raf, .rar, .raw, .rb, .re4, .rgss3a, .rim, .rofl, .hkx, .rtf, .rw2, .rwl, .sav, .sb, .sc2save, .sidn, .sidd, .sie, .sis, .sid, .slm, .snx, .sql, .sr2, .srf, .srw, .sum, .svg, .syncdb, .t13, .t12, .tax, .tor, .txt, .unity3d, .upk, .vdf, .vfs0, .vpk, .vpp, .vtf, .w3x, .wav, .wma, .wmv, .wb2, .wmo, .wotreplay, .wpd, .wps, .x3f, .xf, .xlk, .xlsb, .xlsm, .xls, .xlsx, .xml, .skp, .xxx, .zip, .ztmp.
The Zelta Free Ransomware alerts the victim to the attack by displaying a text file named 'How to recover files.txt' and a program window generated by an executable file named 'Recover my files.exe'. The ransom note used by the Zelta Free Ransomware has been observed in a previous ransomware Trojan known as the Stampado Ransomware. The following is the full text of both versions of the Zelta Free Ransomware's ransom note:
'All your files have been encrypted.
All your files have been encrypted!
All your documents (databases, texts, images, videos, musics etc) were encrypted. The encryption was done using a secret key that is now on our servers.
To decrypt your files you will need to buy the secret key from us. We are the only on the world who can provide this for you.
Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose.
Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files.
What can I do?
Contact us by email telling your ID (below) and wait for us to send the instructions.
Contact us by email@example.com
As a proof, you can send one encrypted file so we will send it back decrypted. Use it as a guarantee that we can decrypt your files.'
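The on-disk artifacts described above (the appended '.locked' extension and the files 'How to recover files.txt' and 'Recover my files.exe') can be checked for when triaging a host or a file share. The following Python script is an added example, not code from the original page; the function names, the three-file threshold and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Artifact names as given in the description above.
LOCKED_SUFFIX = ".locked"
NOTE_NAMES = {"how to recover files.txt", "recover my files.exe"}

def scan_tree(root):
    """Walk root and collect the on-disk artifacts named on this page."""
    locked, notes, inner_exts = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower in NOTE_NAMES:
                notes.append(Path(dirpath) / name)
            elif lower.endswith(LOCKED_SUFFIX) and lower != LOCKED_SUFFIX:
                locked.append(Path(dirpath) / name)
                # '.locked' is appended, so the extension before it is the original type.
                inner = Path(lower[: -len(LOCKED_SUFFIX)]).suffix
                inner_exts[inner or "(none)"] += 1
    return {"locked": locked, "notes": notes, "inner_exts": inner_exts}

def triage(result, min_locked=3):
    """Assumed rule: '.locked' alone is ambiguous; note plus locked files is not."""
    has_note = bool(result["notes"])
    many_locked = len(result["locked"]) >= min_locked
    if has_note and many_locked:
        return "likely"
    if has_note or result["locked"]:
        return "suspicious"
    return "clean"

def build_sample(root):
    """Constructed sample tree: empty files that only mimic the naming pattern."""
    docs = Path(root) / "Documents"
    docs.mkdir(exist_ok=True)
    for name in ["budget.xlsx.locked", "photo.jpg.locked", "thesis.docx.locked",
                 "How to recover files.txt", "notes.txt", "README.locked"]:
        (docs / name).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found = scan_tree(tmp)
        print(triage(found), len(found["locked"]), dict(found["inner_exts"]))
```

The tally of inner extensions shows which of the targeted file types were hit, which helps scope what has to be restored from backup.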