Zeronine Ransomware

By GoldSparrow in Ransomware

Cybersecurity analysts have spotted a new file-encrypting Trojan in the wild, called the Zeronine Ransomware. Ransomware is a very popular malware type that lets its operators encrypt all the data present on a targeted computer and then extort the victim.

Propagation and Encryption

The Zeronine Ransomware is likely distributed with the help of phishing emails, one of the most commonly used distribution methods. These emails are designed to mislead users into believing that they originate from legitimate sources. Often, they contain a link that redirects users to download a corrupted file, or they carry a misleading attachment designed to compromise the system once launched. Other propagation methods include malvertising campaigns, fake software updates and downloads, bogus pirated variants of applications, etc.

When the Zeronine Ransomware infects a computer, it begins encrypting the files on it. It is likely that this file-locking Trojan goes after a wide variety of filetypes, including the most popular ones such as .jpeg, .pdf, .gif, .jpg, .xls, .doc, .ppt, .mov, .mp3, .xlsx, .pptx, .mp4, .rar, .docx, etc. To lock the files, the Zeronine Ransomware uses an encryption algorithm. The names of all affected files change because the Zeronine Ransomware appends a ‘.zeronine’ extension to them. For example, a file originally called ‘strawberry-sky.mov’ will be renamed to ‘strawberry-sky.mov.zeronine’.
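The renaming pattern described above gives responders a simple way to scope an incident. The following is an added example, not code from the original article: it walks a directory tree, lists files carrying the appended ‘.zeronine’ extension, recovers their original names and tallies them by original file type. The function names and sample tree are constructed for illustration, and treating the earliest modification time as a rough indicator of when encryption started is an assumption.

```python
import os
import tempfile
from collections import Counter

MARKER = ".zeronine"  # extension the article says is appended to encrypted files


def scope_encrypted_files(root):
    """Walk root and summarise files carrying the appended marker extension."""
    hits = []
    by_type = Counter()
    earliest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[: -len(MARKER)]  # name before the marker was appended
            ext = os.path.splitext(original)[1].lower() or "(none)"
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                mtime = None  # file vanished or is unreadable; still count it
            hits.append({"path": path, "original_name": original, "mtime": mtime})
            by_type[ext] += 1
            # Assumption: mtime reflects when the file was rewritten by the malware.
            if mtime is not None and (earliest is None or mtime < earliest):
                earliest = mtime
    return {"count": len(hits), "by_type": dict(by_type),
            "earliest_mtime": earliest, "files": hits}


def build_sample_tree(root):
    """Constructed sample data: empty files named the way the article describes."""
    names = ["strawberry-sky.mov.zeronine", "report.docx.ZERONINE",
             "budget.xlsx.zeronine", "untouched.pdf", "zeronine-notes.txt"]
    os.makedirs(os.path.join(root, "docs"), exist_ok=True)
    for i, name in enumerate(names):
        path = os.path.join(root, "docs" if i % 2 else "", name)
        open(path, "w").close()
        os.utime(path, (1_700_000_000 + i * 60, 1_700_000_000 + i * 60))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        summary = scope_encrypted_files(tmp)
        print(summary["count"], summary["by_type"], summary["earliest_mtime"])
```

The per-type tally shows which data classes were hit, and the file list with original names can be matched against backups when planning restoration.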

The Ransom Note

To explain to users what has happened to their data, the Zeronine Ransomware drops a ransom note on their systems. The ransom message from the authors of the Zeronine Ransomware appears in a new window and is available in both English and Turkish. In the note, the attackers offer to decrypt three files free of charge. This is a common technique used by cybercriminals, and it serves as proof that they are able to reverse the damage done to the victim’s data. The creators of the Zeronine Ransomware demand to be contacted via the Discord messaging service at ‘umutcankurhan#9743’.

It is likely that the Zeronine Ransomware authors would inform the users about the decryption fee once they get contacted. Malware experts advise users to avoid contacting cyber crooks like the ones behind the Zeronine Ransomware. You may not receive the decryption key you need, even if you pay the ransom fee. Make sure you remove the Zeronine Ransomware from your computer with the help of a genuine anti-virus software suite.
