
Zoro Ransomware

By GoldSparrow in Ransomware

Cybersecurity experts recently detected a new file-locking Trojan called the Zoro Ransomware. Upon further inspection, malware researchers concluded that this newly discovered threat belongs to the Scarab-Bin family. Instead of creating a new piece of malware from scratch, cyber crooks often alter already existing threats and distribute them as their own.

It is not completely clear how this data-encrypting Trojan is being propagated, but it is speculated that it may be spread via the most common methods, such as mass spam email campaigns, fake updates, and infected pirated content. When the Zoro Ransomware infiltrates a system, it begins by scanning it to detect the file types it is meant to lock. Once identified, the files undergo encryption, which leaves them unusable. Each encrypted file receives an additional extension appended by the Zoro Ransomware: '.[zoro4747@gmx.de].zoro'. In this case, a file on the infiltrated computer that was originally called 'monster-energy.png' would be renamed to 'monster-energy.png.[zoro4747@gmx.de].zoro'.

Then, the Zoro Ransomware drops a ransom note named '!!! RESTORE DATA !!!.txt'. Cybercriminals often use all caps and exclamation points when naming ransom notes to ensure the file catches the attention of the victim. In the ransom note, the attackers inform the user that their files have been encrypted and show them their ID. They go on to provide two email addresses, zoro4747@gmx.de and zoro4747@protonmail.com, and insist that the victim contact both of them. They also tell the user to email them again if no reply arrives the first time.

Despite the authors of the Zoro Ransomware insisting you get in touch with them, we would recommend that you do quite the opposite – stay away from cyber crooks. There is no guarantee that they will deliver on any of the promises they make, but they will take your money gladly. You should obtain a reputable security suite and have it wipe Zoro Ransomware off your computer.
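The two file-system indicators described above (the appended extension and the ransom note name) are enough to scope the damage on a disk or a mounted backup. The following triage script is an added example, not part of the original article; the function names `triage` and `demo` are hypothetical, and the sample tree consists of constructed empty files.

```python
import os
import tempfile
from collections import Counter

# Indicators quoted in the article above.
ENCRYPTED_SUFFIX = ".[zoro4747@gmx.de].zoro"
RANSOM_NOTE_NAME = "!!! RESTORE DATA !!!.txt"


def triage(root):
    """Walk `root` and summarise files that match the two indicators."""
    encrypted, notes, per_dir, earliest = [], [], Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Stripping the appended suffix gives the pre-encryption name.
                encrypted.append((path, name[: -len(ENCRYPTED_SUFFIX)]))
                per_dir[os.path.relpath(dirpath, root)] += 1
                mtime = os.path.getmtime(path)
                # Earliest modification time approximates when encryption began.
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {"encrypted": encrypted, "notes": notes,
            "per_dir": dict(per_dir), "earliest_mtime": earliest}


def demo():
    """Run triage over a constructed tree of empty files (not real samples)."""
    sample = [  # constructed file names following the article's pattern
        "pics/monster-energy.png" + ENCRYPTED_SUFFIX,
        "pics/" + RANSOM_NOTE_NAME,
        "docs/report.docx" + ENCRYPTED_SUFFIX,
        "docs/untouched.txt",
        "docs/notes.zoro",  # similar ending, but not the full suffix
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return triage(root)


if __name__ == "__main__":
    result = demo()
    for path, original in result["encrypted"]:
        print(f"{original!r} <- {path}")
    print("ransom notes:", len(result["notes"]), "| by directory:", result["per_dir"])
```

The per-directory counts and the earliest modification time help decide which backup snapshot predates the encryption and which folders need restoring.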
