Zepto Ransomware Is Here



By now, you should be familiar with the term Ransomware. For those who are unaware, Ransomware is a particularly malicious computer virus which, when launched, encrypts the files on the victim’s computer and demands a ransom in the form of Bitcoin.

What is a Zepto file?

Ransomware is an ever-growing, evolving beast that has proven difficult to contain in the past. A new breed of the virus appeared in June 2016, targeting Windows users worldwide. Zepto is an update on the older Locky Ransomware virus, but behaves in much the same way. It encrypts files on the victim’s computer so they’re completely inaccessible to anyone but an IT whizz, and demands a payment to unlock the files. The most noticeable difference between the two viruses is that Zepto locks the files under its own file extension, .zepto – hence the name.

Like most ransomware, Zepto generally gains access to your computer and files when someone downloads it from an email attachment. After it’s downloaded, the virus quickly spreads through the PC and encrypts files with an asymmetric encryption algorithm. Specifically, Zepto uses RSA-2048 and AES-128 encryption to lock down files; it’s safe to say that the average computer user won’t be able to decrypt their files without the key, offered only in exchange for a ransom fee.

How do you remove the Zepto file?

It’s strongly recommended that users don’t pay the ransom. It’s rare that, upon paying the requested Bitcoin, hackers stay true to their word and provide the decryption key – they’re not the most trustworthy of people. Payment is likely to encourage the hackers to increase the ransom amount once they’re aware you’re willing to stump up the cash. Further, it gives hackers the validation they need to attack more businesses.

It’s more important than ever to be aware of Ransomware viruses, and the dangers they pose not only to your personal files, but to your business. It can take only one poorly judged click on an email attachment to lock down your entire business’s file system, through reaching out to the network drive you likely have access to. So what can you do to prevent Ransomware taking you and your business hostage? Here are some top tips:

Know how to spot Ransomware

Many Ransomware emails are easy to spot due to their basic and irrelevant nature.


As you can see from the image above, emails with Ransomware attached are often vague and direct you to an equally vaguely-named file – often a .zip file. That should be your first clue; .zip files often mask the viruses that lie inside.

You’re most likely to find an .exe file (an executable file – think of software downloads, which are executable files that will run once downloaded) or a .docm – a Macro Enabled Word document. The reason they’re sent in .zip files is because this masks the viruses from your spam filter – clever, eh? The malicious content in the Word documents comes from the macros which, while often used to automate frequently used tasks, can be manipulated. Commonly, the malicious macros will either download a payload from the internet and run it, or have the virus embedded in the document, which is then executed by the macros.
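As an added example (not part of the original article), here is one way a mail gateway or helpdesk script could look inside a .zip attachment for the carriers described above: .exe and .docm members, macro projects hidden in documents with an innocent extension, and zips nested inside zips. The function names, the depth and size limits and the sample attachment are assumptions made for illustration.

```python
import io
import zipfile

RISKY_EXTENSIONS = {".exe", ".docm"}   # carriers the article names
MAX_DEPTH = 2                          # assumed limit for zips nested in zips
MAX_MEMBER_BYTES = 20 * 1024 * 1024    # assumed size cap before unpacking

def has_vba_project(data):
    """True if data is an Office container (itself a zip) holding a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())
    except zipfile.BadZipFile:
        return False

def inspect_zip(data, depth=0, prefix=""):
    """Return (member path, reason) pairs for members a filter should hold back."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a valid zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            path = prefix + info.filename
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in RISKY_EXTENSIONS:
                findings.append((path, "risky extension " + ext))
            if info.flag_bits & 0x1:  # password-protected: content is opaque
                findings.append((path, "encrypted member, cannot be scanned"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "too large to inspect"))
            elif ext == ".zip" and depth < MAX_DEPTH:
                findings.extend(inspect_zip(archive.read(info), depth + 1, path + "!"))
            elif has_vba_project(archive.read(info)):
                findings.append((path, "contains VBA macro project"))
    return findings

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed sample attachment: harmless stub bytes, no real malware.
MACRO_DOC = make_zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"stub"})
SAMPLE = make_zip({"readme.txt": b"hello", "invoice.exe": b"stub", "report.docx": MACRO_DOC,
                   "more.zip": make_zip({"scan.docm": MACRO_DOC})})
```

Calling inspect_zip(SAMPLE) flags the executable, the macro project inside the document named .docx, and the .docm inside the nested archive, while leaving readme.txt alone.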

It’s vital that your staff is aware of unsolicited emails like this; to the trained eye, they look easy to spot. But there’s a technophobe hiding away in every office…

Back-up your files – and properly

Backing up your files and data is hugely valuable in protecting you when you’ve been hit by Ransomware. If your files have been locked down by Ransomware, you still have access to them thanks to your back-up – all businesses should back up their systems by default. You don’t need a fancy solution – you can back up files using hardware like discs, USB memory sticks or external hard drives, or on-site back-up servers. You can also back it up externally using – yes, you’ve guessed it – cloud servers. Having a robust back-up system is critical to the security of your business.


It goes without saying that anti-virus and anti-spam products are essential when it comes to preventing Ransomware first reaching your inbox, and then infiltrating your systems. But it’s also important to choose the right products to protect your systems. Established security firms like Sophos are ahead of the game when it comes to finding out about, and preventing, Ransomware with solutions like InterceptX, designed specifically to tackle Ransomware. Robust anti-virus software will detect anything that looks like a virus – past or present – and either quarantine or delete it before you’re even aware of it. Anti-viruses can act as a virtual bodyguard, preventing the virus from infecting your computer in the first place, or as a cure, removing all traces of the infection from your machine.

Ransomware continues to evolve and grow, as hackers become more determined and their viruses more malicious. But as the threat gets cleverer, so does the security. Subscribe to the TSG blog to stay up-to-date with security threats like Ransomware, and expert tips on how to avoid them.


Article produced by UK IT support solutions company, TSG. For more from the team at TSG, visit their blog, here.

October 19, 2016


Hakin9 TEAM