Microsoft has put out a warning of the ZCrypt ransomware that also has worm-like attributes. It’s currently infecting removable drives on operating systems below Windows 10.
Worm attributes?
ZCrypt is delivered via a familiar but efficient method of phishing emails, Word document macros, and phony Adobe Flash installers.
After a victim is infected, it drops an alert notice in a HTML file revealing to victims that their removeable device data is encrypted, and can only be recovered after a fee of $500 in Bitcoins.
“We are alerting Windows users of a new type of ransomware that exhibits worm-like behaviour,” Microsoft’s security team stated.
The malware tosses a phony Windows notification saying a USB device hasn’t been identified while your files are encrypted.
Michael jay Villianueva of Trend Micro says the ransom payment will increase to a whopping $2200 after five days of not being paid. This is common amongst ransomware to increase a panicked payment from the victim.
“This ransomware is one of the few ransomware families that is capable of spreading on its own,” Villanueva says.
Currently there are no known ways to decrypt the files for free.