Ransomware developers have been busy adding more deadly functions to their evil creations. First we heard about DDoS capabilities appearing in modified versions of Cerber. Now Microsoft reports that a new ransomware variant has the power to spread like a worm.
Known as ZCryptor, it infects other users by dropping an autorun.inf file onto removable drives (in practice, thumb drives attached to laptops) as well as network drives.
In other words, employees who are copying files onto USBs will be unwittingly spreading ZCryptor throughout the office.
Some are calling this new variant ransomworm. Surprisingly, this is not a new idea in malware history.
The first-ever virus, known as Brain, was essentially DOS-based ransomware that propagated through floppy disks. An infected diskette was made unreadable, and the victims had to call a phone number (in Pakistan) to get “inoculated”.
All the standard prevention and mitigation techniques apply to ZCryptor. Train your staff to identify phishing emails, keep up-to-date backups, review folder access rights, and of course monitor with user behavior analytics software to detect unusual file access.
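To check a thumb drive or network share root for the autorun.inf propagation described above, the following added example parses an autorun.inf and lists the programs it asks Windows to launch. It is not code from Microsoft's report or from Varonis, and the sample file, its file names and the risky-extension list are constructed assumptions.

```python
import re
from pathlib import Path

# Constructed sample for illustration; not taken from ZCryptor or any real malware.
SAMPLE = r"""
; comment and junk lines are skipped by the parser
[AutoRun]
open = viewer_placeholder.exe /q
shell\explore\command = "tools dir\helper_placeholder.scr" -x
icon = folder.ico
[Other]
open = outside_section.exe
"""

# Assumed list of extensions worth flagging when launched from a drive root.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def parse_autorun(text):
    """Tolerant parse: {key: value} for the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def program_of(command):
    """Extract the program path from a command line, honouring double quotes."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command.split() else ""

def audit(text):
    """Return sorted (key, program, risky) tuples for every launch directive."""
    findings = []
    for key, value in parse_autorun(text).items():
        if LAUNCH_KEY.match(key):
            prog = program_of(value)
            ext = prog[prog.rfind("."):].lower() if "." in prog else ""
            findings.append((key, prog, ext in RISKY_EXT))
    return sorted(findings)

def scan_root(root):
    """Audit <root>/autorun.inf if present (file name match is case-insensitive)."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            return audit(entry.read_text(errors="replace"))
    return []
```

Call `scan_root()` on each mounted removable or mapped drive root; any tuple whose last field is `True` names a file to quarantine and inspect before the drive is used again.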
Varonis UBA vs. ZCryptor
User Behavior Analytics or UBA is a new technology that’s up to the challenge of preventing your files from being taken away from you and ransomed.
Without any configuration, our Varonis UBA threat models spot the signs of ransomware activity — when files are being encrypted — and therefore can stop these attacks without having to rely on a static list of signatures as is the case with conventional virus scanners.
Once detected, a series of automated steps can be triggered to prevent ransomware infections like ZCryptor from spreading.
Worried about ransomware? Learn how Varonis User Behavior Analytics can save you some bitcoins!