Zenis ransomware is one of the newest crypto-malware infections we have detected this March. Even though we have found quite a few viruses this month, like Princess Locker 2.0 and ScammerLocker, the newest discovery is more complicated than the others. While at first this malware might have resembled a joke (because of the ransom note that features the phrase “mischievous boy”), researchers soon began receiving reports from victims claiming that this variant had attacked their computers. Therefore, even though the Zenis virus was misjudged at first, it has now become one of the ransomware variants that users should be careful of (Ransomware Resilience: Detect and Respond).
Zenis crypto-virus targets companies and locks their digital data
Zenis ransomware appears to be distributed quite rapidly, as researchers received alarming messages from 3 victims within 40 hours. To make things even more interesting, specialists are worried that this crypto-malware aims to infect not only individual computers, but companies as well. The majority of victims were organizations or businesses. Considering this, we are convinced that Zenis crypto-virus is targeting companies that definitely have enough resources to pay the ransoms (while the owners of individual computers might not have the necessary funds to pay for the decryption keys).
Our research team took a closer look at the ransom note, displayed in the Zenis-Instructions.html file. We can certainly understand why this ransomware would be underestimated at first: the language in the note does seem peculiar. The Zenis infection is described as “a game” which victims should try to win by following the enumerated instructions.
First of all, victims of Zenis ransomware are supposed to send one of the encrypted files to the hackers. This communication might be established through [email protected] and [email protected]. If victims do not receive a response in six hours, they can contact the crooks via additional email addresses: [email protected] and [email protected]. The hackers attempt to prove that they can decrypt files; therefore, the file they receive will be recovered and sent back to the victim. Then, victims are supposed to verify that the decrypted file works. After that, the hackers will be ready to reveal the actual price for the Zenis Decryptor.
The payload of Zenis crypto-malware is IIS_Agent32.exe. Luckily, the most reliable scanning tools already detect this file as malicious. In other news: the extension appended to encrypted digital files appears to be more complicated than usual. Victims’ data will feature .Zenis-<2_chars>.<12_chars>.
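The three file-name indicators described above (ransom note, payload name and encrypted-file extension) can be checked across a directory tree to gauge how far an infection has spread. The following Python sketch is an added example, not code from the researchers; the function names are hypothetical, and because the article does not state which characters the `<2_chars>` and `<12_chars>` parts use, any non-dot characters are accepted.

```python
import os
import re
from collections import Counter

# Indicators taken from the article text; compared case-insensitively.
RANSOM_NOTE = "zenis-instructions.html"
PAYLOAD = "iis_agent32.exe"
# "Zenis-<2_chars>.<12_chars>" at the end of a file name, either appended
# after a dot or as the whole name. Assumption: the character set is not
# given in the article, so any non-dot characters match.
ENCRYPTED_RE = re.compile(r"(?:^|\.)Zenis-[^.]{2}\.[^.]{12}$")


def classify(filename):
    """Return 'note', 'payload', 'encrypted' or None for a bare file name."""
    lowered = filename.lower()
    if lowered == RANSOM_NOTE:
        return "note"
    if lowered == PAYLOAD:
        return "payload"
    if ENCRYPTED_RE.search(filename):
        return "encrypted"
    return None


def scan_tree(root):
    """Walk root; return (hits, per_dir) where hits maps each indicator
    kind to matching paths and per_dir counts encrypted files per folder."""
    hits = {"note": [], "payload": [], "encrypted": []}
    per_dir = Counter()
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind = classify(name)
            if kind is None:
                continue
            hits[kind].append(os.path.join(dirpath, name))
            if kind == "encrypted":
                per_dir[dirpath] += 1
    return hits, per_dir


if __name__ == "__main__":
    import sys
    found, by_dir = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, paths in found.items():
        print(f"{kind}: {len(paths)} file(s)")
    for directory, count in by_dir.most_common(10):
        print(f"{count:6d} encrypted  {directory}")
```

A file-name match is only a triage signal: a hit on the payload name should be confirmed with an anti-malware scan before any conclusion is drawn.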
How can I recover files that the Zenis ransomware has encrypted?
Currently, there appears to be no way to decrypt your files for free. Therefore, if you become infected with Zenis ransomware, you are going to have to be patient until researchers release better news. We do recognize the temptation of paying the ransom, especially for companies, since they might be unable to carry out their regular operations because of the lost files. However, paying the ransom is not going to solve the bigger issue: the fact that hackers are becoming more aggressive with their ransomware viruses (Less than half of paying ransomware targets get their files back). If you become infected, never consider giving up and making transactions for the decryption keys.
There is one way to make sure that your data stays safe. Please back up your data in secure storage in case you need to retrieve these copies. In addition to that, please update your software and operating system to avoid exploitable vulnerabilities.
How can Zenis crypto-malware invade my computer?
Zenis ransomware might be distributed through exploit kits. It could be that hackers are looking for unpatched vulnerabilities that might be exploitable. On the other hand, you could become infected through malicious spam. This means that hackers will send deceptive email messages, urging people to download harmful files. Therefore, you should never download attachments from unknown sources.
Lastly, when users become infected with ransomware, they have to be aware of the ways that the infection can be removed. It is important for victims to know how a system restore should be done: instructions for this process can be found here. In addition to that, we are hoping that you will decide to run a scan with an anti-malware tool to make sure that no harmful programs remain on your computer. We recommend trying Spyhunter.