Zeoticus Ransomware

Countless cyber crooks opt to try their luck with the creation and distribution of ransomware threats. The entry barrier when it comes to creating a ransomware threat is rather low. This is so because there are various ransomware building kits, as well as well-established data-locking Trojans whose code is available online readily. This explains why the majority of newly spotted ransomware threats are just copies of already existing file-encrypting Trojans. However, some cyber crooks build their threats from scratch. This appears to be what happens with the Zeoticus Ransomware.

Propagation and Encryption

The Zeoticus Ransomware is able to encrypt all the data that could be found on one’s system. This threat will not hesitate to lock images, audio files, databases, videos, spreadsheets, presentations, documents, archives, etc. The creators of the Zeoticus Ransomware are likely utilizing spam emails as an infection vector for the spreading of this Trojan. Oftentimes, data-encrypting Trojans are masked as seemingly harmless attachments, which the users are urged to launch on their systems by a fraudulent message. If they give in, their systems will be compromised immediately.

However, this is not the only propagation method that the authors of ransomware threats use, but it is likely the most common one. Upon infecting a system, the Zeoticus Ransomware will make sure to locate the data and apply its encryption algorithm to lock the targeted files. When the Zeoticus Ransomware encrypts a file, it also alters its name by adding a ‘.zeoticus’ extension at the end of the filename. For example, a file that the user may have called ‘Persian-cat.gif’ initially will be renamed to ‘Persian-cat.gif.zeoticus’ after the encryption process has been completed. To make the file-recovery extra difficult, the Zeoticus Ransomware makes sure to wipe out the Shadow Volume Copies of the affected files.

The Ransom Note

In the next step of the attack, the Zeoticus Ransomware drops its ransom note on the victim’s desktop. The ransom message is contained in a file called ‘READ_ME.html.’ In the note, the attackers provide three email addresses where victims are encouraged to contact them – ‘zeoticus@tutanota.com,’ ‘zeoticus@aol.com,’ and ‘zeoticus@protonmail.com.’ The ransom note also contains a uniquely generated victim ID, which helps the attackers differentiate between different victims.

It is always good to keep your distance from cyber crooks like the ones who have developed the Zeoticus Ransomware. Paying them the ransom fee demanded does not guarantee that they will provide you with the decryption key you need to unlock your data. A far safer approach in this difficult situation is to download and install a legitimate anti-virus software solution that will help you remove the Zeoticus Ransomware safely from your PC.