Threat Database Ransomware ZeroRansom Ransomware

ZeroRansom Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 14,659
Threat Level: 100 % (High)
Infected Computers: 40
First Seen: July 6, 2017
Last Seen: August 11, 2023
OS(es) Affected: Windows

The ZeroRansom Ransomware is a ransomware Trojan that was released in July of 2017. The ZeroRansom Ransomware seems to be developed by the same people that created other recently released ransomware variants such as the Lalabitch Ransomware and the J-Ransom Ransomware, both also released in the final week of June and the first week of July 2017. Like various other ransomware Trojans released in the same timeframe, the ZeroRansom Ransomware may be delivered using corrupted spam email attachments. Victims of the ZeroRansom Ransomware attack will receive an email message that uses social engineering to trick the victim into downloading an attached DOCX file. This file will take advantage of a vulnerability in the Microsoft Word that allows it to run a corrupted macro or script to download and install the ZeroRansom Ransomware onto the victim's computer. During this process, a User Account Control alert may appear on the infected computer, asking the victim to authorize the macro. Allowing this macro to be executed will download and install the ZeroRansom Ransomware on the affected computer.

ZeroRansom Until When?

The ZeroRansom Ransomware seems to be downloaded from several sources and assembled on the targeted PC. Once the ZeroRansom Ransomware is installed, it will scan the victim's computer for certain file types. The ZeroRansom Ransomware will encrypt the files located on all local drives, as well as all storage associated with the infected computer, including removable memory devices connected to the victim's PC and directories shared on a network. The ZeroRansom Ransomware will use a strong encryption algorithm to encrypt these files, making them unrecoverable. The version observed by PC security researchers was capable of encrypting the following file types:

.7z, .bat, .c, .cpp, .cs, .db, .dll, .doc, .docx, .gif, .jar, .java, .jpg, .mp3, .mp4, .pdf, .peg, .png, .ppt, .pptx, .rar, .sln, .txt, .xls, .xlsx, .zip.

The ZeroRansom Ransomware will mark three files affected by the attack by adding the file extension '.z3r0' to each affected file's name. The ZeroRansom Ransomware will display a ransom note on the infected computer after encrypting the victim's data. This ransom note, a text file named 'EncryptNote_README.txt' will alert the victim of the attack, but will not display any contact information or payment instructions, which could allow the victim to pay a ransom to recover from the attack (the whole point of ransomware attacks like the ZeroRansom Ransomware). The following is the notification displayed in the ZeroRansom Ransomware attack:

'All your important files have been encrypted by ZeroRansom. Please follow instruction below to keep your file
1. Don't try to do anything stupid like delete the encryptor or terminate its process.
2. Turn off your anti-virus program and make sure it hasn't deleted any file of the encryptor
3. Follow these rule strictly, or your files will be deleted FOREVER
4. Thanks for reading this. Have a good day, sir. :)'

The ZeroRansom Ransomware has been linked to two Gmail accounts: '' and '' Con artists responsible for these attacks will rarely use public email accounts like these because they can be blocked or intercepted easily. This may mean that the people responsible for the ZeroRansom Ransomware attack are not very sophisticated.

Dealing with the ZeroRansom Ransomware Infection

Ransomware Trojans like the ZeroRansom Ransomware can be extremely destructive, resulting in the loss of the victim's data. Because of this, file backups are the best protection against the ZeroRansom Ransomware and other ransomware Trojans. When victims of the ZeroRansom Ransomware attack have the possibility of recovering their files from a backup, then the people responsible for the ZeroRansom Ransomware attack lose any power over the victim that gives them the opportunity to make ransom demands. Apart from file backups, it is also needed to have a reliable security program and be educated on how to handle all spam email attachments appropriately.


Most Viewed