Threat Database Ransomware ZinoCrypt Ransomware

ZinoCrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 16,980
Threat Level: 80 % (High)
Infected Computers: 439
First Seen: March 21, 2017
Last Seen: August 23, 2023
OS(es) Affected: Windows

The ZinoCrypt Ransomware is an encryption ransomware Trojan that was first observed on March 20, 2017. The ZinoCrypt Ransomware does not seem to belong to a larger ransomware family, but it is a standalone ransomware Trojan designed to force computer users to pay large ransoms to recover their files, which are taken hostage during the attack. The ZinoCrypt Ransomware attacks seem to be targeted to English-speaking countries and regions in Europe. The most common way of spreading the ZinoCrypt Ransomware, just as with other ransomware Trojans, is through the use of spam email messages. These emails contain corrupted file attachments that use compromised scripts to download and install the ZinoCrypt Ransomware on the victim's computer. The ZinoCrypt Ransomware can be installed in a wide variety of ways apart from this, though. Other ways in which a threat like the ZinoCrypt Ransomware could be installed include hacking into the victim's computer directly and disguising the ZinoCrypt Ransomware as another file distributed on Torrent networks or shady Websites.

How the ZinoCrypt Ransomware Attack Works

The ZinoCrypt Ransomware is very similar to a wide variety of other ransomware Trojans that are active currently. The ZinoCrypt Ransomware uses a strong encryption method, which combines the AES and RSA encryptions to make the victim's files inaccessible completely. Once the victim's files have been locked, the ZinoCrypt Ransomware demands the payment of a ransom. The ZinoCrypt Ransomware will target files in all local drives, as well as devices shared on the network. The ZinoCrypt Ransomware will search for numerous file types, including images, videos, audio, various document types, databases and numerous others. Like other ransomware Trojans, the ZinoCrypt Ransomware will add the extension '.ZINO' to the end of the files' names after encryption (making it easy to note which files have been compromised during the attack). The files that are encrypted by the ZinoCrypt Ransomware become inaccessible, and will not be opened with the Windows Explorer or the applications usually used to access them.

The ZinoCrypt Ransomware’s Ransom Note

After the ZinoCrypt Ransomware has finished encrypting the victim's files, the ZinoCrypt Ransomware demands the payment of a ransom using a text note. This note, named 'ZINO_NOTE.txt' is dropped on the Desktop of the infected computer. The ZinoCrypt Ransomware's ransom note includes a large ASCII image logo and the following text:

'ZinoCrypt Ransomware - 2017 Edition
Your important files has been encrypted with the new the ZinoCrypt Ransomware. (Photos, Videos, Etc..)
There are no tools online that will allow you to decode your files for free.
The only way to get your files back is to pay us.
Payment would be done stricly via BTC / Bitcoin.
Do not worry, al your files are safe, but are unavailable at the moment.
To recover the files you need to get special decryption software and personal key.
You can contact us:
Primary Email:

Dealing with a ZinoCrypt Ransomware Infection

PC security researchers strongly advise computer users to refrain from paying the ZinoCrypt Ransomware's ransom or contacting the con artists via the email provided in the ZinoCrypt Ransomware ransom note. Instead, it is necessary to recover the files using backup copies and remove the ZinoCrypt Ransomware infection itself with the help of a reliable security program that is fully up-to-date. Unfortunately, the nature of the ZinoCrypt Ransomware's encryption means that the files that are encrypted using its encryption algorithm will not be recoverable without the decryption key. However, the people responsible for these attacks have a history of ignoring the victims' payments or demanding further payments and continuing to extort the victim. This is why file backups are an important computer security tool. Having file backups makes computer users immune from the ZinoCrypt Ransomware and similar attacks completely. Instead of having to acquiesce to the con artists' demands, the ZinoCrypt Ransomware should ignore the ransom note and restore their files with the backup copies stored on an external memory device or the cloud.


Most Viewed