New ransomware will worm its way onto your PC!

Most ransomware can lock you out of your personal files and make you want to tear your hair out, but it takes a real wicked one to copy itself onto your removable and networked drives as well!  

This new ransomware is called ZCryptor and it can infect not only your PC, but any external drive that is attached to it. It can function just like a worm, with the ability to replicate across physical and network drives. Can victims of ZCryptor wriggle free?

Microsoft was quick to warn users about the threat on its blog. The good news is that Microsoft seems to have a fix for the ransomware, however it’s not really a perfect solution.

So how does ZCryptor work? First it installs itself on your system either using a fake Flash installer, malicious email attachment or Microsoft Office macro malware. Then it starts encrypting your files and alters the Windows Registry so that the malware runs at start up.

Your web browser will pop up with a warning saying that all your personal files have been encrypted and the only way to recover them is to pay the ransom of 1.2 Bitcoin ($500). It also warns you not to try and get rid of the program because it will destroy the decryption key and restoring your files will become impossible. This probably isn’t 100% true, but it is enough to make most people scared.

What makes this ransomware different from all the others is its ability to worm its way onto anything connected to your PC, and yes, that includes anything with storage, including your mobile device!

No ransomware – until now – has actually installed copies of itself onto secondary drives. So, even wiping your hard drive or trying to transfer encrypted backup files may not solve the ZCryptor problem.

Who should be the most concerned? Well, mostly business users. Why? Because ZCryptor can pull the same trick with networked drives! If one employee accidentally downloads the ransomware, it can easily spread to a shared network drive and worm its way into every machine in the office.

Doing an antivirus scan can get rid of the ZCryptor program; however that only solves half the problem. There is no easy way to decrypt infected files, so it is recommended that you restore backups instead. The solution is dependent on whether or not you do regular backups, either on your hard drive, online or on an external device.

The best medicine is always prevention. Avoid suspicious websites and emails, keep your antivirus program up and running and always ensure that Windows is up to date.

For a wide range of IT services and equipment, ranging from IT support, general maintenance and network solutions to graphic design and website hosting - contact The Computer Guyz in Cape Town or Centurion today.