zepto virus



piva
17-07-2016, 06:05 PM
Just been caught at work by this encryption virus. I haven't worked out how it got in yet - possibly by an email attachment, but it also migrated into the work server, which is now being restored from backups. It all happened fast. I noticed that a couple of Excel directories I hadn't used recently were showing current dates, then inside were files ending in .ZEPTO and a file .html which started _ and a number......html which had the ransom demand! After a few minutes a lot more turned up on the desktop -- as they say, the rest is history! The PC will have to be rebuilt and many hours spent reinstalling specialist communications software!
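A small triage scanner, added here as an example and not code posted by anyone in this thread, that walks a directory tree for the two indicators piva describes (files ending in .zepto and an .html ransom note whose name starts with an underscore and a digit) and reports each affected directory together with whether it was modified recently. The exact ransom-note filename is not given in the thread, so the loose pattern below and the temporary sample tree it builds are assumptions.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Indicators from the thread: encrypted files renamed to *.zepto and a ransom
# note named "_<number>...html" dropped beside them. The full note filename is
# not on the page, so this loose pattern is an assumption.
ENCRYPTED_EXT = ".zepto"
NOTE_PATTERN = re.compile(r"^_\d.*\.html?$", re.IGNORECASE)


def scan_tree(root, recent_hours=24, now=None):
    """Return {relative_dir: {"encrypted": n, "notes": [...], "recent": bool}}
    for every directory holding at least one *.zepto file or a ransom note.
    "recent" is True when the directory itself was modified within recent_hours,
    which is how piva first noticed the affected Excel folders."""
    now = now or datetime.now()
    cutoff = now - timedelta(hours=recent_hours)
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = [f for f in files if f.lower().endswith(ENCRYPTED_EXT)]
        notes = [f for f in files if NOTE_PATTERN.match(f)]
        if not encrypted and not notes:
            continue
        mtime = datetime.fromtimestamp(os.path.getmtime(dirpath))
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        hits[rel] = {
            "encrypted": len(encrypted),
            "notes": sorted(notes),
            "recent": mtime >= cutoff,
        }
    return hits


def build_sample_tree():
    """Constructed sample tree: one clean folder and one folder showing the
    indicators described in the thread (file contents and names are placeholders)."""
    root = Path(tempfile.mkdtemp(prefix="zepto_demo_"))
    (root / "reports").mkdir()
    (root / "reports" / "q1.xlsx").write_text("clean workbook placeholder")
    hit = root / "excel" / "old"
    hit.mkdir(parents=True)
    (hit / "budget.xlsx.zepto").write_bytes(b"\x00" * 16)          # constructed
    (hit / "_0_NOTE-PLACEHOLDER.html").write_text("ransom note placeholder")  # constructed
    return root


if __name__ == "__main__":
    for folder, info in scan_tree(str(build_sample_tree())).items():
        print(folder, info)
```

Run it from a clean machine against a restored share (mounted read-only) to confirm no encrypted files or notes were carried over from the backups before the share goes back into service.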

pctek
17-07-2016, 06:26 PM
1) A complete image of the PC
2) Recent backups of data

Easy as.

1101
18-07-2016, 12:45 PM
The PC will have to be rebuilt and many hours spent reinstalling specialist communications software!

The virus itself is VERY easy to remove, if you want to take that chance of just a cleanup.
Personally, I would do a reload.

It also attacks Dropbox & OneDrive files.
It comes in via bogus email.

LittleScream
29-07-2016, 08:20 AM
Hello! Try to perform a full scan with the help of ShadowExplorer or Recuva. These free applications can help you to restore files from shadow copies, but there is no 100% guarantee.

B.M.
29-07-2016, 09:53 AM
Piva, have you any knowledge as to whether your company has had any E-Mail communication from Hertz Rental Cars?

Now, let me make it perfectly clear, I am NOT accusing Hertz of spreading this Virus.

It is just that the attack I had to deal with just happened to have an E-Mail from Hertz opened close to the time of the attack.

With that in mind I figure that an International Company like Hertz would be an ideal company to hack and use as a mule to spread this Virus, and I'm equally sure Hertz would like to know if they had been hacked. :)

Just a thought.

1101
29-07-2016, 11:10 AM
Now, let me make it perfectly clear, I am NOT accusing Hertz of spreading this Virus.

It is just that the attack I had to deal with just happened to have an E-Mail from Hertz opened close to the time of the attack.

With that in mind I figure that an International Company like Hertz would be an ideal company to hack and use as a mule to spread this Virus, and I'm equally sure Hertz would like to know if they had been hacked. :)

Just a thought.

Sorry MB, but...
This is EXACTLY the reason these viruses spread, people just opening random emails.
Let's make this 100% clear, HERTZ WOULD NOT HAVE SENT AN INFECTED EMAIL. It would be a hacker pretending to send from Hertz.

I'm not sure how many times it has to be said, treat all email with attachments as suspicious.

Just because it looks like it was sent from a company means nothing.
It's all too easy for hackers to send email that looks like it was sent from legit companies.
If you weren't expecting that email, and it seems unusual, delete it.

1101
29-07-2016, 11:16 AM
Hello! Try to perform a full scan with the help of ShadowExplorer or Recuva. These free applications can help you to restore files from shadow copies, but there is no 100% guarantee.

The Zepto I looked at, there were no shadow copies.
So either the virus disabled & removed them, or shadow copies (VSS) just wasn't running before the attack.

B.M.
29-07-2016, 11:37 AM
Sorry MB, but...
This is EXACTLY the reason these viruses spread, people just opening random emails.
Let's make this 100% clear, HERTZ WOULD NOT HAVE SENT AN INFECTED EMAIL. It would be a hacker pretending to send from Hertz.

I'm not sure how many times it has to be said, treat all email with attachments as suspicious.

Just because it looks like it was sent from a company means nothing.
It's all too easy for hackers to send email that looks like it was sent from legit companies.
If you weren't expecting that email, and it seems unusual, delete it.

Sorry 1101, but the E-Mail from Hertz WAS genuine; she works part time for them and it contained information relating to genuine business.

That is why I was thinking along the lines of their site being hacked rather than the normal spoofs that are around in abundance.

Billy T
03-08-2016, 10:03 PM
How many members are going to fall for email-based scams before they learn not to download anything at all until they have checked it in MailWasher?

I have deleted literally thousands of shonky emails, many of which could likely have carried a payload, and a hell of a lot that did, in the form of zip files and a range of others that I don't even begin to understand, but I can poke my nose into the content and that usually provides confirmation. As a first line of defence, it is worth its weight in gold (metaphorically speaking), because nothing gets downloaded during the assessment and clear-out process.

Cheers

Billy 8-{) :(