These emails use simple social engineering tricks to give them a greater sense of legitimacy, often addressing recipients by name, and offering files couched in language like, “here’s the document you have requested.”
Of course, when the file that has been “requested” is clicked on, the ransomware installs via a malicious JavaScript, which encrypts all the files on the machine the user is currently logged onto. These files are appended with the .zepto extension, and cannot be unlocked until and unless the user agrees to pay the fee. The instructions are displayed on the screen once the encryption has been completed.
Zepto is a variant of the infamous “Locky” ransomware, which continues to spawn a growing number of variants, each increasing in their sophistication over the last. The cumulative impact of these kinds of attacks are having a devastating effect on people, both at the individual and Enterprise level.
Unfortunately, the Talos Group’s findings aren’t isolated. Security firm FireEye has also reported on the sharp spike in Locky spam (and related variants like Zepto), which has so far impacted a broad swath of users in more than fifty countries.
All of this points to the urgent need to bolster Enterprise security, including additional employee training, especially as it relates to emails and the proper handling of email attachments. In short, if you receive an email from someone you don’t know, and don’t specifically recall requesting information, don’t click on, or attempt to open any files that email might contain.
Even if you did request information from a specific user, it pays to take the extra step of contacting them via some other channel (a phone call, for instance) and verify that they actually sent you the file in question.
One thing we know for certain – this problem will undoubtedly worsen before we see any significant improvement.