Cambridge is currently experiencing a bout of the latest Ramsomware virus – called Zepto. We have had a number of machines in from people who have lost data and do not have a backup.
It works like most ransomware does, seizing the files on a victim’s PC and encrypting them. Much like its predecessor, Locky, the new virus changes the name of the files to its own extension: .zepto, which is why it has now become known as the Zepto Virus.
Once the encryption process is complete, the virus then changes the desktop image to a ransom note, informing the affected user of the actions that had taken place and providing instructions as to how the victim can receive the decryption key.
At this point, there is no known way of breaking the encryption, but cyber-security experts are already working on cracking the .Zepto code.
Your options at this moment are twofold:
Pay the ransom (around $US300) – not recommended
Restore your files form a backup you have taken – hopefully recently
Things to learn from this are:
- Beware of emails you are not expecting that have an attachment. Sometimes purporting to be an invoice you owe – often to a courier company. If it doesn’t look true it probably isn’t
- Make sure you backup your data regularly – you should have a rolling series of backups just in case when you back up your machine you are backing up the already encrypted files (in which case you will be no better off). For businesses we recommend they keep a series of rolling backups for at least a week.
- Have good, strong antivirus. There is no guarantee even then that you won’t be hit – especially if you open the file, but I can guarantee that many of the ‘Free’ antivirus packages simply do not handle this type of threat. At the end of the day you get what you pay for – if you pay nothing that is what you get.