ZEON Ransomware
The ZEON Ransomware threat was first discovered by the cybersecurity analyst that goes by dnwls0719 on Twitter. This particular malware is written in Python, and designed to encrypt the files on breached computers. The attackers then extort the victims for money by promising to send the necessary decryption tool and key after receiving the payment.
As part of its intrusive actions, the ZEON Ransomware will mark each locked file by modifying its original name. More specifically, the threat will append '.zeon' as a new file extension to the name of each encrypted file. Victims also will be left with a ransom note containing instructions from the attackers. This ransom-demanding message will be dropped on the device as a text file named 're_ad_me.txt.'
Ransom Note's Details
The ransom note left by the ZEON Ransomware reveals that the attackers are running a double-extortion operation. Indeed, according to the note, a chunk of sensitive data has been exfiltrated from compromised devices and will be exposed to the public on a dedicated leak site, if the demands of the hackers are not met. However, to receive more details, victims are instructed to contact the attackers via a website accessible via the TOR browser. Affected users are also told that they can test the ability of the attackers to restore the encrypted data by sending 2 files to supposedly be unlocked for free.
The full text of ZEON Ransomware's note is:
'All of your files are currently encrypted by ZEON strain.
As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly.
If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value.To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge.
You can contact our team directly for further instructions through our website :
TOR VERSION :
(you should download and install TOR browser first hxxps://torproject.org)hxxp://zeonrefpbompx6rwdqa5hxgtp2cxgfmoymlli3azoanisze33pp3x3yd.onion/
YOU SHOULD BE AWARE!
Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible.'
