ZES Ransomware

By GoldSparrow in Ransomware

According to the cybersecurity researchers who first detected the ZES Ransomware, it is not to be considered a unique ransomware threat. Instead, it should be regarded as a variant of the Shootlock/Oled Ransomware. It is still a serious malware threat that can wreak havoc if it manages to infiltrate any computer. By employing a combination of AES and RSA encryption algorithms, the ZES Ransomware ensures that the encrypted files remain locked and are virtually impossible to restore without the necessary decryption key. Nearly all of the most common file types are targeted by this threat. Upon successful encryption, every file will have its original file name modified to the following pattern - [original name].[][johncastle@msgsafe.io].zes.

The ZES Ransomware will drop a text file named "readme-warning.txt" containing a ransom note on the desktop of the victim's computer. The note specifies that the users affected by the ZES Ransomware should use the email 'johncastle@msgsafe.io' to contact the criminals and be prepared to use Bitcoin as a payment method. The hackers offer the option to decrypt two simple files that are less than one MB in size for free, as a gesture of goodwill and as a demonstration of their ability to restore the encrypted data.
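The two file-system indicators described above (the rename pattern and the "readme-warning.txt" note) can be used to triage a file listing and to map each encrypted file back to the name to look for in backups. This is an added example, not code from the original page; the function names and the sample paths are constructed, and allowing the first bracket pair to hold a value is an assumption, since the page shows it empty.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

NOTE_NAME = "readme-warning.txt"  # ransom note file name given on this page
# Suffix given on this page: .[][johncastle@msgsafe.io].zes
# Assumption: the first bracket pair may be empty or may hold some value.
SUFFIX = re.compile(
    r"^(?P<orig>.+)\.\[(?P<tag>[^\]]*)\]\[johncastle@msgsafe\.io\]\.zes$",
    re.IGNORECASE,
)

def classify(path):
    """Return ('encrypted', original_name, tag), ('note', None, None) or None."""
    name = PureWindowsPath(path).name
    if name.lower() == NOTE_NAME:
        return ("note", None, None)
    m = SUFFIX.match(name)
    if m:
        return ("encrypted", m.group("orig"), m.group("tag"))
    return None

def triage(paths):
    """Summarise a listing: hits per directory, note locations, restore map."""
    per_dir, notes, restore = Counter(), [], {}
    for p in paths:
        hit = classify(p)
        if hit is None:
            continue
        if hit[0] == "note":
            notes.append(p)
        else:
            parent = PureWindowsPath(p).parent
            per_dir[str(parent)] += 1
            restore[p] = str(parent / hit[1])  # name to search for in backups
    return {"per_dir": dict(per_dir), "notes": notes, "restore": restore}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Desktop\readme-warning.txt",
    r"C:\Users\alice\Documents\budget.xlsx.[][johncastle@msgsafe.io].zes",
    r"C:\Users\alice\Documents\notes.txt.[A1B2][johncastle@msgsafe.io].zes",
    r"C:\Users\alice\Documents\untouched.docx",
    r"C:\Users\alice\Pictures\zes.png",
]

if __name__ == "__main__":
    for src, dst in triage(SAMPLE)["restore"].items():
        print(f"{src} -> {dst}")
```

The per-directory counts show how far encryption spread on a host, and the restore map gives the original file names without touching the encrypted copies.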

Upon successful payment, users are promised that they will receive a decryption tool alongside detailed instructions for its use. Unfortunately, such a tool may never be delivered, and even if it is, it may fail to return the files to their previous state. That is why most cybersecurity researchers recommend against initiating any communication with the criminals behind the ZES Ransomware.

The full text of the ransom note generated by the ZES Ransomware is:

'::: Greetings :::

Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted and now have the "zes" extension. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailbox: johncastle@msgsafe.io
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice – time is much more valuable than money.

:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions – please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.'