Zenis Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 10
First Seen: March 18, 2018
Last Seen: August 1, 2019
OS(es) Affected: Windows

The Zenis Ransomware is an encryption ransomware Trojan that was first observed on March 14, 2018. The Zenis Ransomware is being used to attack medium and small businesses, as well as Web servers. The Zenis Ransomware behaves in a way similar to most encryption ransomware Trojans, using a strong encryption algorithm to make the victim's files inaccessible and then demanding the payment of a ransom in exchange for the decryption key needed to restore the affected files.

The Zenis Ransomware Can Compromise Countless Files on a Computer

Threats like the Zenis Ransomware use strong encryption methods to take the victim's files hostage. The following are examples of the file types typically compromised by attacks like the Zenis Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Zenis Ransomware identifies the files encrypted by the attack by adding the file extension '.Zenis-<2_chars>' to the end of each affected file's name. The Zenis Ransomware will target files on all local hard drives, as well as files shared on a network. The Zenis Ransomware will deliver a ransom note in the form of an HTML file named 'Zenis-Instructions.html,' which is dropped on the infected computer's desktop. The full text of the Zenis Ransomware's ransom note reads:

'*** All your files has been encrypted ***
I am ZENIS. A mischievous boy who loves cryptography, hardware and programming. My world is full of unanswered questions and puzzles half and half, and I'm coming to discover a new world.
A world in digital space that you are supposed to play the role of my toys.
If you want to win in this game, you have to listen carefully to my instructions, otherwise you will be caught up in a one-step game and you will become the mam loser of the story.
My instructions are simple and clear. Then follow these steps:
1. Send this file (Zenis-Instructions.html) to my email with one your encrypted file less than 2 MB to trust to the game.
2. I decrypt your file for free and send for you.
3. If you confirm the correctness of the files, verify that the files are correct via email
4. Then receive the price of decrypting files
5. After you have deposited, please send me the payment details
6. After i confirm deposit, i send you the "Zenis Decryptor" along with "Private Key" to recovery all your files.
Now you can finish the game. You won the game, congratulations.
Please submit your request to both emails:
If you did not receive an email after six hours, submit your request to the following emails:
TheZenis@Protonmail. com (On the TOR network)
Warning: 3rd party and public programs. It may cause irreversible damage to your files And your files will be lost forever.'

Protecting Your Data from Threats Like the Zenis Ransomware

PC security researchers strongly advise computer users to refrain from contacting the people responsible for the Zenis Ransomware attack or following the instructions in the Zenis Ransomware's ransom note. Instead of doing this, computer users are advised to have file backups on the cloud or an external memory device. These backup copies can be used to restore the files compromised by the Zenis Ransomware attack.

File System Details

Zenis Ransomware may create the following file(s):
# | File Name | MD5 | Detections
1. | file.exe | 8cd8d46cd6c7e336d2baa2f78d8d0ab4 | 0
2. | IIS_Agent32.exe | 6957db401ce1f7edd1db9816b9430973 | 0
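
A triage sketch built on the indicators this page lists (the '.Zenis-<2_chars>' suffix, the 'Zenis-Instructions.html' note and the two MD5 values above). It is an added example, not code from the original page or from any vendor tool. Assumptions: the two characters after 'Zenis-' may be any characters, and `MAX_HASH_BYTES`, the function names and the sample file names in `demo()` are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Indicators as listed on this page.
ENCRYPTED_NAME = re.compile(r"\.Zenis-.{2}$", re.IGNORECASE)  # '.Zenis-<2_chars>'
RANSOM_NOTE = "zenis-instructions.html"
KNOWN_MD5 = {
    "8cd8d46cd6c7e336d2baa2f78d8d0ab4": "file.exe",
    "6957db401ce1f7edd1db9816b9430973": "IIS_Agent32.exe",
}
MAX_HASH_BYTES = 64 * 1024 * 1024  # assumption: skip hashing very large files

def md5_of(path):
    """MD5 of a file, read in chunks; used only for indicator matching."""
    digest = hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(root):
    """Return sorted (kind, relative_path) findings for files under root."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() == RANSOM_NOTE:
                findings.append(("ransom_note", rel))
            elif ENCRYPTED_NAME.search(name):
                findings.append(("encrypted_file", rel))
            else:
                try:
                    if (os.path.getsize(path) <= MAX_HASH_BYTES
                            and md5_of(path) in KNOWN_MD5):
                        findings.append(("known_md5", rel))
                except OSError:
                    continue  # locked or unreadable file: skip, keep scanning
    return sorted(findings)

def demo():
    """Run triage over a constructed sample tree (file names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("Zenis-Instructions.html", "q3.xlsx.Zenis-k9", "notes.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample\n")
        return triage(root)
```

Run `triage()` against a mounted image or a file share root; a name match only flags a file for review, since the suffix and note name can appear in unrelated files.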

Registry Details

Zenis Ransomware may create the following registry entry or registry entries:
