ZinoCrypt Ransomware
Threat Scorecard
Ranking: 16,980
Threat Level: 80 % (High)
Infected Computers: 439
First Seen: March 21, 2017
Last Seen: August 23, 2023
OS(es) Affected: Windows
The ZinoCrypt Ransomware is an encryption ransomware Trojan that was first observed on March 20, 2017. The ZinoCrypt Ransomware does not seem to belong to a larger ransomware family; it is a standalone ransomware Trojan designed to force computer users to pay large ransoms to recover their files, which are taken hostage during the attack. The ZinoCrypt Ransomware attacks seem to be targeted at English-speaking countries and regions in Europe. The most common way of spreading the ZinoCrypt Ransomware, just as with other ransomware Trojans, is through spam email messages. These emails contain corrupted file attachments that use compromised scripts to download and install the ZinoCrypt Ransomware on the victim's computer. This is not the only way the ZinoCrypt Ransomware can be installed, though. Other ways in which a threat like the ZinoCrypt Ransomware could be installed include hacking into the victim's computer directly and disguising the ZinoCrypt Ransomware as another file distributed on torrent networks or shady websites.
How the ZinoCrypt Ransomware Attack Works
The ZinoCrypt Ransomware is very similar to a wide variety of other ransomware Trojans that are currently active. The ZinoCrypt Ransomware uses a strong encryption method, which combines the AES and RSA encryptions to make the victim's files completely inaccessible. Once the victim's files have been locked, the ZinoCrypt Ransomware demands the payment of a ransom. The ZinoCrypt Ransomware will target files on all local drives, as well as devices shared on the network. The ZinoCrypt Ransomware will search for numerous file types, including images, videos, audio, various document types, databases and numerous others. Like other ransomware Trojans, the ZinoCrypt Ransomware will add the extension '.ZINO' to the end of the files' names after encryption (making it easy to note which files have been compromised during the attack). The files that are encrypted by the ZinoCrypt Ransomware become inaccessible and cannot be opened with Windows Explorer or the applications usually used to access them.
The ZinoCrypt Ransomware’s Ransom Note
After the ZinoCrypt Ransomware has finished encrypting the victim's files, it demands the payment of a ransom using a text note. This note, named 'ZINO_NOTE.txt', is dropped on the Desktop of the infected computer. The ZinoCrypt Ransomware's ransom note includes a large ASCII image logo and the following text:
'ZinoCrypt Ransomware - 2017 Edition
Your important files has been encrypted with the new the ZinoCrypt Ransomware. (Photos, Videos, Etc..)
There are no tools online that will allow you to decode your files for free.
The only way to get your files back is to pay us.
Payment would be done stricly via BTC / Bitcoin.
Do not worry, al your files are safe, but are unavailable at the moment.
To recover the files you need to get special decryption software and personal key.
You can contact us:
Primary Email: ZinoCrypt@protonmail.com
Personal ID: [RANDOM CHARACTERS]'
Dealing with a ZinoCrypt Ransomware Infection
PC security researchers strongly advise computer users to refrain from paying the ZinoCrypt Ransomware's ransom or contacting the con artists via the email provided in the ZinoCrypt Ransomware ransom note. Instead, it is necessary to recover the files using backup copies and remove the ZinoCrypt Ransomware infection itself with the help of a reliable security program that is fully up-to-date. Unfortunately, the nature of the ZinoCrypt Ransomware's encryption means that the files encrypted with its algorithm will not be recoverable without the decryption key. However, the people responsible for these attacks have a history of ignoring the victims' payments or demanding further payments and continuing to extort the victim. This is why file backups are an important computer security tool. Having file backups makes computer users completely immune to the ZinoCrypt Ransomware and similar attacks. Instead of having to acquiesce to the con artists' demands, victims of the ZinoCrypt Ransomware should ignore the ransom note and restore their files from backup copies stored on an external memory device or the cloud.
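To scope a restore from backup, the two indicators named above (the '.ZINO' extension and the 'ZINO_NOTE.txt' note) can be turned into a worklist of original file names. The script below is an added example, not EnigmaSoft or SpyHunter code; the function names, the case-insensitive matching and the sample tree are assumptions constructed for illustration.

```python
"""Scope a ZinoCrypt incident: list '.ZINO' files and ransom notes under a root."""
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".zino"   # extension the page says is appended (matched case-insensitively)
NOTE_NAME = "zino_note.txt"  # ransom note name given on the page


def scan_tree(root):
    """Walk root and return (encrypted, notes, by_type).

    encrypted: sorted list of (path_on_disk, original_path_to_restore)
    notes:     sorted paths of ransom notes found
    by_type:   Counter of original extensions, to size the restore job
    """
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            full = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = full[: -len(ENCRYPTED_SUFFIX)]  # name before the suffix was appended
                encrypted.append((full, original))
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return sorted(encrypted), sorted(notes), by_type


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    for rel in ("Desktop/ZINO_NOTE.txt", "Documents/report.docx.ZINO",
                "Documents/budget.xlsx.zino", "Pictures/cat.jpg.ZINO",
                "Pictures/dog.jpg", "Documents/zino.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        encrypted, notes, by_type = scan_tree(tmp)
        print(f"ransom notes: {len(notes)}, encrypted files: {len(encrypted)}")
        for locked, original in encrypted:
            print(f"restore {os.path.relpath(original, tmp)} (locked: {os.path.basename(locked)})")
        print(dict(by_type))
```

Point `scan_tree` at a mounted copy of the affected drive or share rather than the live system, and use the second element of each pair as the list of paths to pull from backup.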