Microsoft warns of worm ransomware, finds fix in Windows 10 upgrade
Malware an opportunity to Edge out Redmond rivals
Microsoft is warning of a wormable ransomware that infects removable drives on versions of its operating system below Windows 10.
The ZCrypt scumware is distributed through old but effective methods of phishing emails, Word document macros, and fake Adobe Flash installers.
It drops a warning notice in an HTML file informing victims that their removable device files are encrypted and can be decrypted only after payment of $500 in Bitcoins.
ZCrypt runs on 64-bit Windows XP relics, and version 7 and 8 boxes that have resisted the Windows 10 upgrade blitzkrieg.
"We are alerting Windows users of a new type of ransomware that exhibits worm-like behaviour," Microsoft's security team says.
"This ransom leverages removable and network drives to propagate itself and affect more users."
Redmond recommends users protect themselves by first upgrading to Windows 10 and updating antivirus, backing up hard drive files, and using the Windows Edge browser.
Macros should also be banished, and pirate and porn sites avoided.
While the files are being encrypted, the malware throws a fake Windows alert suggesting a USB device has not been detected.
Trend Micro malware man Michael Jay Villanueva says the ransom demand will increase to $2200 over five days if the ransom is not paid. This is a common ploy to reduce the chance of subversion and increase the likelihood of panicked payment.
"This ransomware is one of the few ransomware families that is capable of spreading on its own," Villanueva says.
"It drops a copy of itself in removable drives, making use of USBs a risky practice."
Most antivirus will detect at least some variations of the trojan, but there appears to be no way to decrypt files for free. ®