
ZeroRansom Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 14,659
Threat Level: 100 % (High)
Infected Computers: 40
First Seen: July 6, 2017
Last Seen: August 11, 2023
OS(es) Affected: Windows

The ZeroRansom Ransomware is a ransomware Trojan that was released in July of 2017. The ZeroRansom Ransomware appears to have been developed by the same people who created other recently released ransomware variants such as the Lalabitch Ransomware and the J-Ransom Ransomware, both also released in the final week of June and the first week of July 2017. Like various other ransomware Trojans released in the same timeframe, the ZeroRansom Ransomware may be delivered using corrupted spam email attachments. Victims of the ZeroRansom Ransomware attack will receive an email message that uses social engineering to trick the victim into downloading an attached DOCX file. This file will take advantage of a vulnerability in Microsoft Word that allows it to run a corrupted macro or script to download and install the ZeroRansom Ransomware onto the victim's computer. During this process, a User Account Control alert may appear on the infected computer, asking the victim to authorize the macro. Allowing this macro to be executed will download and install the ZeroRansom Ransomware on the affected computer.

ZeroRansom Until When?

The ZeroRansom Ransomware seems to be downloaded from several sources and assembled on the targeted PC. Once the ZeroRansom Ransomware is installed, it will scan the victim's computer for certain file types. The ZeroRansom Ransomware will encrypt the files located on all local drives, as well as all storage associated with the infected computer, including removable memory devices connected to the victim's PC and directories shared on a network. The ZeroRansom Ransomware will use a strong encryption algorithm to encrypt these files, making them unrecoverable. The version observed by PC security researchers was capable of encrypting the following file types:

.7z, .bat, .c, .cpp, .cs, .db, .dll, .doc, .docx, .gif, .jar, .java, .jpg, .mp3, .mp4, .pdf, .peg, .png, .ppt, .pptx, .rar, .sln, .txt, .xls, .xlsx, .zip.

The ZeroRansom Ransomware will mark the files affected by the attack by adding the file extension '.z3r0' to each affected file's name. The ZeroRansom Ransomware will display a ransom note on the infected computer after encrypting the victim's data. This ransom note, a text file named 'EncryptNote_README.txt', will alert the victim of the attack, but will not display any contact information or payment instructions that would allow the victim to pay a ransom to recover from the attack (the whole point of ransomware attacks like the ZeroRansom Ransomware). The following is the notification displayed in the ZeroRansom Ransomware attack:

'All your important files have been encrypted by ZeroRansom. Please follow instruction below to keep your file
1. Don't try to do anything stupid like delete the encryptor or terminate its process.
2. Turn off your anti-virus program and make sure it hasn't deleted any file of the encryptor
3. Follow these rule strictly, or your files will be deleted FOREVER
4. Thanks for reading this. Have a good day, sir. :)'

The ZeroRansom Ransomware has been linked to two Gmail accounts: 'zerounix48@gmail.com' and 'zerounix32@gmail.com.' Con artists responsible for these attacks will rarely use public email accounts like these because they can be blocked or intercepted easily. This may mean that the people responsible for the ZeroRansom Ransomware attack are not very sophisticated.

Dealing with the ZeroRansom Ransomware Infection

Ransomware Trojans like the ZeroRansom Ransomware can be extremely destructive, resulting in the loss of the victim's data. Because of this, file backups are the best protection against the ZeroRansom Ransomware and other ransomware Trojans. When victims of the ZeroRansom Ransomware attack can recover their files from a backup, the people responsible for the attack lose the power over the victim that gives them the opportunity to make ransom demands. Apart from file backups, it is also necessary to have a reliable security program and to know how to handle spam email attachments appropriately.
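To scope a restore from backup, the indicators described above (the '.z3r0' marker, the 'EncryptNote_README.txt' note and the targeted file types) can be turned into a read-only triage sweep. The following is an added example, not code from the original write-up; the function names and sample tree are constructed, and it assumes the marker is appended after the file's original extension.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the write-up above.
MARKER_EXT = ".z3r0"
NOTE_NAME = "EncryptNote_README.txt"
TARGETED = {".7z", ".bat", ".c", ".cpp", ".cs", ".db", ".dll", ".doc", ".docx",
            ".gif", ".jar", ".java", ".jpg", ".mp3", ".mp4", ".pdf", ".peg",
            ".png", ".ppt", ".pptx", ".rar", ".sln", ".txt", ".xls", ".xlsx",
            ".zip"}


def triage(root):
    """Walk root read-only and return (marked, notes, at_risk, by_type)."""
    marked, notes, at_risk = [], [], []
    by_type = Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                notes.append(path)          # ransom note dropped by the Trojan
            elif lower.endswith(MARKER_EXT):
                marked.append(path)         # needs restoring from backup
                # Assumption: the marker follows the original extension.
                original_ext = os.path.splitext(lower[:-len(MARKER_EXT)])[1]
                by_type[original_ext or "(none)"] += 1
            elif os.path.splitext(lower)[1] in TARGETED:
                at_risk.append(path)        # targeted type, not yet marked
    return marked, notes, at_risk, by_type


def build_sample_tree(root):
    """Constructed sample data: empty files named like an affected share."""
    names = ["docs/report.docx.z3r0", "docs/budget.xlsx.z3r0",
             "docs/EncryptNote_README.txt", "src/main.cpp",
             "pics/cat.JPG.z3r0", "misc/readme.md"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        marked, notes, at_risk, by_type = triage(tmp)
        print(f"marked: {len(marked)}  notes: {len(notes)}  intact: {len(at_risk)}")
        for ext, count in by_type.most_common():
            print(f"  {ext}: {count}")
```

Files in the `at_risk` list are targeted types that have not been marked, which makes them the first candidates to copy off a still-running host or an attached share.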