Zeoticus is a malicious program that encrypts user files, making them impossible to read. It then demands payment for fixing the files – a ransom. This ransom can be thousands of dollars, if not tens of thousands.
Zeoticus uses file extensions 2020END, pandora, young, etc. to mark files that it has encrypted.
There are two versions of Zeoticus – the older Zeoticus and the newer Zeoticus 2.0. Here, I’ll refer to both of them as Zeoticus.
About Zeoticus ransomware:
|Type of threat||Ransomware,|
|Zeoticus infection symptoms||Files have their names changed and they won’t open, some programs close on their own, unfamiliar files show up on their own.|
|How to get back your data||Restore from backups, use data recovery tools.|
|How to delete Zeoticus ransomware||Use antivirus programs (Spyhunter, others) to find and delete all malware.|
How to recognize Zeoticus ransomware
Zeoticus encrypts files and quits programs
Zeoticus ransomware is yet another file-locking extortion program. As ransomware, it’s remarkable for being able to work offline, without an internet connection (Zeoticus 2.0 | Ransomware With No C2 Required).
Before encrypting any files, Zeoticus kills unwanted processes – programs that open and edit files that Zeoticus is planning on encrypting, such as PowerPoint, Word, Wordpad, SQL Writer, etc.
Finally, Zeoticus scans the computer for files and encrypts them.
Encryption is a method of hiding information from everyone except for those who have the decryption key. Encryption helps keep online banking activities, private chats, web search terms, and other information from being read by unauthorized parties (What is encryption? | Types of encryption). For ransomware, this means corrupting file contents.
It changes file names
The encrypted files also have their names changed:
[original file name].[original extension].[random number].[extortionists’ email].[Zeoticus extension]
At the same time, Zeoticus places ransom notes in various folders. The ransom note, called README, includes the email addresses of the extortionists. The victim is supposed to contact them to arrange the ransom payment.
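A triage helper for the naming scheme above, added here as an example (it is not code from the original page): it splits a renamed file back into its fields so that affected files and the embedded contact address can be inventoried. The address `contact@example.com` and the names `parse_name`, `scan_tree` and `Hit` are constructed for illustration; because the page's extension list ends in "etc.", a structural match with an unlisted extension is reported as unconfirmed.

```python
import os
import re
from typing import NamedTuple, Optional

# Extensions named on this page. The page ends the list with "etc.",
# so a structural match with another extension is reported as unconfirmed.
KNOWN_MARKERS = {"2020end", "pandora", "young"}

# [original name].[original ext].[random number].[email].[Zeoticus extension]
RENAMED = re.compile(
    r"^(?P<original>.+)"
    r"\.(?P<number>\d+)"
    r"\.(?P<email>[^\s@/\\]+@[^\s@/\\]+\.[A-Za-z]{2,})"
    r"\.(?P<marker>[A-Za-z0-9]+)$"
)


class Hit(NamedTuple):
    original: str    # file name before the ransomware renamed it
    number: str      # the random number field
    email: str       # contact address embedded in the name
    marker: str      # appended extension
    confirmed: bool  # True only if marker is one listed on this page


def parse_name(filename: str) -> Optional[Hit]:
    """Return the fields of a Zeoticus-style renamed file, or None."""
    m = RENAMED.match(filename)
    if m is None:
        return None
    marker = m.group("marker")
    return Hit(m.group("original"), m.group("number"), m.group("email"),
               marker, marker.lower() in KNOWN_MARKERS)


def scan_tree(root: str) -> list:
    """Walk root and return (path, Hit) for every file matching the scheme."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            hit = parse_name(name)
            if hit is not None:
                hits.append((os.path.join(folder, name), hit))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample names; the address is a placeholder, not a real indicator.
    for sample in ("budget.xlsx.48213.contact@example.com.pandora",
                   "notes.v2.txt.7.contact@example.com.2020END",
                   "archive.2020.tar.gz"):
        print(sample, "->", parse_name(sample))
```

Running `scan_tree` over a backup folder or a mounted drive lists every file that carries the renamed pattern, together with the original name it had.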
How to get your files back
Backups are the best defense against ransomware. If you have a backup of your files, then all you need to do is clean the infected computer and then restore your data.
Just make sure that the backups are fine. Sometimes, cloud storage or misconfigured cloud backups get infected with ransomware – make sure that this did not happen to you.
But is it possible to recover the data that Zeoticus encrypted?
There is currently no way to break the encryption used by Zeoticus ransomware. File repair might fail to work, since Zeoticus is advertised as encrypting files with stripes. But you could try and use data recovery programs (such as EaseUS) to restore some deleted data.
You might consider paying the ransom. Keep in mind that there’s no guarantee that paying the ransom will restore the encrypted data. And with Bitcoin, there’s no way to get your money back.
If you do decide to pay, keep your identity secret from the extortionists. If you don’t, they might target you again with more ransomware and other malware.
How to remove Zeoticus ransomware
Below are instructions for how you can remove Zeoticus ransomware. It’s helpful to use antivirus apps, such as Spyhunter or another strong antivirus program. Antivirus programs detect Zeoticus ransomware as Malicious, Suspicious, Ransom, FileCoder, Trojan, etc. (Virustotal.com).
Because Zeoticus is ransomware-as-a-service, criminal groups distribute it in their own ways. It’s difficult to predict how Zeoticus is distributed and what other malware it’s bundled with. But it is very important to find out how it got on your device, as that security flaw needs to be patched to avoid future infections.
Check for other infections that might have come alongside Zeoticus. If you find spyware alongside Zeoticus, make sure to reset your passwords and use multi-factor authentication where possible.
How to recover Zeoticus Ransomware encrypted files and remove the virus
Step 1. Restore system into last known good state using system restore
1. Reboot your computer to Safe Mode with Command Prompt:
for Windows 7 / Vista / XP
- Start → Shutdown → Restart → OK.
- Press F8 key repeatedly until Advanced Boot Options window appears.
- Choose Safe Mode with Command Prompt.
for Windows 8 / 10
- Press Power at Windows login screen. Then press and hold Shift key and click Restart.
- Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
- When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.
2. Restore System files and settings.
- When Command Prompt mode loads, enter cd restore and press Enter.
- Then enter rstrui.exe and press Enter again.
- Click “Next” in the windows that appeared.
- Select one of the available Restore Points created before Zeoticus Ransomware infiltrated your system and then click “Next”.
- To start System restore click “Yes”.
Step 2. Complete removal of Zeoticus Ransomware
After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter, and remove all malicious files related to Zeoticus Ransomware. You can check other tools here.
Step 3. Restore Zeoticus Ransomware affected files using Shadow Volume Copies
If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files from the point in time when the system restore snapshot was created. Usually Zeoticus Ransomware tries to delete all possible Shadow Volume Copies, so this method may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.
a) Native Windows Previous Versions
Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace the existing, encrypted file. If you want to see the content of the file first, just click Open.
b) Shadow Explorer
It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. In the top left corner, select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Step 4. Use Data Recovery programs to recover Zeoticus Ransomware encrypted files
There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
- We suggest using another PC and connecting the infected hard drive to it as a slave drive. It is still possible to do this on the infected PC, though.
- Download a data recovery program.
- Install and scan for recently deleted files.