Threat Database Ransomware ZoLiSoNaL Ransomware

ZoLiSoNaL Ransomware

The ZoLiSoNaL Ransomware is a file-locking Trojan that's a part of Xorist Ransomware's family group, which uses a 'freeware' style construction kit. Because its attacks lock files with limited potential for reversing the effect, Windows users should establish backups for restoring any work without submitting to the Trojan's extortion. Most PC security programs should detect and delete the ZoLiSoNaL Ransomware in standard Windows environments.

Windows Users Seeing More than Double in Ransom Notes

Not every hacker with plans of extorting money from blocking files is happy with paying fees or percentages of profit for a premium Ransomware-as-a-Service. Alternatives for these cheaper threat actors include 'freeware' families like Hidden Tear or the even more convenient Xorist Ransomware kit. From this Trojan builder tool, malware experts see another emergent product: the ZoLiSoNaL Ransomware.

The ZoLiSoNaL Ransomware is similar to other byproducts of Xorist Ransomware reasonably, such as 2021's VaPo Ransomware, the ZoLiSoNaL Ransomware, the Lockerxxs Ransomware or the Flubo Ransomware. Using either XOR or TEA-based encryption, it locks media files of popularly used formats, such as Word documents, JPG pictures, MP3 music, AVI movies or various server databases. Due to the Trojan adding its personalized extension to their names, the impact is visible for any victims immediately.

The threat actor uses text, desktop wallpaper, and pop-up messages for delivering an identical ransom note (including typos) in three separate ways. These messages sell theoretical decryption or data recovery from the criminal for Bitcoin cryptocurrency. Unlike most new Trojans, the ZoLiSoNaL Ransomware's Bitcoin wallet isn't empty, although most transactions are too variable for conforming to its specific ransom demands (roughly two hundred and fifty USD). As always, malware experts recommend against partaking in the high-risk solution of paying attackers for their recovery help, if possible.

Standardized Cures for Mass-Produced Media Poison

Like most file-locker Trojans that make their money off of sabotaging content through encryption, there's little to no hope of unlocking or decrypting any files for free. As local backups also tend to be at risk from further attacks, malware experts can't recommend relying on them without any other fallback points. Users always should back any invaluable files up to other devices for optimal preservation and recovery from threats like the ZoLiSoNaL Ransomware.

The ZoLiSoNaL Ransomware's campaign is sufficiently new that there are limited samples of infection vector-related attacks. Malware experts recommend that server admins check passwords for vulnerabilities, responsibly limit RDP accessibility, and maintain appropriate software-updating schedules. For individual Windows users, there also is great value in turning off Word and Excel macro features, being cautious around e-mail attachments, and disabling exploitable features like Java, JavaScript, and Flash.

So far, nearly all AV vendors are flagging this threat correctly. Any users with anti-malware protection can leverage these solutions for uninstalling the ZoLiSoNaL Ransomware, either automatically or during in-depth system scans.

With wallpaper hijackings and other high-visibility effects, there's no mistaking the entrance of a Trojan like the ZoLiSoNaL Ransomware into one's PC. Stopping it from stepping inside is the critical moment for any user unless one's files are fundamentally disposable.


Most Viewed