
Zilla Ransomware

By GoldSparrow in Ransomware

The Zilla Ransomware is a threat written using the Microsoft .NET Framework. This allows the Zilla Ransomware to take advantage of pre-compiled Windows resources to carry out its attack. It also allows the Zilla Ransomware to run on old versions of the Windows operating system, including Windows XP and Windows Vista, which are still widely used around the world. PC security researchers have detected other encryption ransomware Trojans written with the same framework. This allows the Zilla Ransomware to bypass some anti-virus programs. The Zilla Ransomware is not a sophisticated threat, and it has none of the characteristics that have been observed in advanced ransomware Trojans. Even so, the Zilla Ransomware is capable of carrying out an effective ransomware attack, which consists of encrypting the targeted data and then demanding payment of a ransom in exchange for the decryption key necessary to recover the affected files.

The Zilla that is Targeting Turkey Primarily

The Zilla Ransomware Trojan was first observed on June 6, 2017. The Zilla Ransomware seems to be aimed at computer users in Turkey specifically, although Zilla Ransomware attacks have appeared outside of this country. A wave of ransomware Trojans aimed specifically at computer users in Turkey appeared in June 2017. These include ransomware Trojans such as the Ransomeer Ransomware and the Executioner Ransomware. The Zilla Ransomware is designed to infect private computer users rather than businesses. However, the Zilla Ransomware seems to be incomplete, since its current version does not include instructions for the victim to pay the ransom. This means that, in its current state, the Zilla Ransomware lacks a crucial element of these attacks. After all, the first step is encrypting the victim's files (which the Zilla Ransomware does), and the second is demanding the payment of a ransom to profit from the attack. It is this second step that the Zilla Ransomware fails to carry out. However, it is possible that an updated version of the Zilla Ransomware, or a variant with a different name and branding, will be released and will carry out the full version of these attacks.

How the Zilla Ransomware Carries out Its Attack

The Zilla Ransomware attack is typical of encryption ransomware infections. The Zilla Ransomware will encrypt the victim's files using a strong encryption algorithm. In its attack, the Zilla Ransomware will target a wide variety of file types, including the following (among many others):

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

Once the Zilla Ransomware encrypts a file, it is no longer functional. Windows Explorer will no longer recognize the file, and the victim will not be able to open the file with any software until the file is decrypted. The Zilla Ransomware marks the files affected by the attack by adding the file extension '.zilla' to each affected file's name.

Dealing with the Zilla Ransomware

Although the Zilla Ransomware does not deliver a ransom note, it does drop a text file named 'OkuBeni.txt' on the victim's computer (this simply translates as 'Read Me' in Turkish). This text file contains the following short message:

'Dosyalarınız şifrelendi!
Your Files are encrypted!'

There is no ransom demand. The best protection against the Zilla Ransomware is to have backups of all your files on a portable memory device or the cloud.
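To scope which files need restoring from backup, the two indicators described above (the '.zilla' extension and the 'OkuBeni.txt' file) can be searched for on a drive or share. The script below is an added example, not code from the original article or from any vendor tool; the function names, the case-insensitive matching, and the assumption that '.zilla' is appended after the original extension (for example 'report.docx.zilla') are illustrative choices, and the sample tree is constructed from harmless placeholder files.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".zilla"                 # extension named in the article
NOTE_NAME = "okubeni.txt"                   # note file name, compared in lower case
NOTE_MARKER = "your files are encrypted!"   # line quoted in the article

def scan_tree(root):
    """Return (encrypted_paths, [(note_path, text_matches)], original_ext_counts)."""
    encrypted, notes, ext_counts = [], [], Counter()
    # Unreadable directories are skipped instead of aborting the whole scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and lower != ENCRYPTED_SUFFIX:
                # Assumption: the suffix is appended, so stripping it gives the
                # original name and tells us which file types were hit.
                original = Path(name[: -len(ENCRYPTED_SUFFIX)])
                ext_counts[original.suffix.lower() or "(none)"] += 1
                encrypted.append(path)
            elif lower == NOTE_NAME:
                try:
                    text = path.read_text(encoding="utf-8", errors="replace")
                except OSError:
                    text = ""
                notes.append((path, NOTE_MARKER in text.lower()))
    return encrypted, notes, ext_counts

def build_sample(root):
    """Constructed sample tree: placeholder files only, nothing is encrypted."""
    docs = Path(root) / "Documents"
    docs.mkdir()
    for name in ("report.docx.zilla", "photo.JPG.ZILLA", "budget.xlsx", "notes.txt"):
        (docs / name).write_bytes(b"placeholder")
    (docs / "OkuBeni.txt").write_text(
        "Dosyalarınız şifrelendi!\nYour Files are encrypted!", encoding="utf-8")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        encrypted, notes, ext_counts = scan_tree(root)
        return len(encrypted), [match for _path, match in notes], dict(ext_counts)

if __name__ == "__main__":
    print(demo())
```

Calling `scan_tree` on a real path returns the full file lists, so the result can be compared against a backup inventory before restoring.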
