Malware News New Locky version adds the .Zepto Extension to Encrypted Files

A

Alkajak

Thread author
A new version of the Locky Ransomware was released yesterday that uses a new naming scheme for encrypted files. Previously Locky had renamed files and then appended a Locky extension so that filename was similar to A65091F1B14A911F0DD0E81ED3029F08.locky.

With this new version, Locky uses the .zepto extension and files are renamed to a name like 024BCD33-41D1-ACD3-3EEA-84083E322DFA.zepto.

zepto-encrypted-files.jpg

Files with the Zepto Extension
This new naming format is in the form of [first_8_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[4_hexadecimal_chars]-[12_hexadecimal_chars].zepto. For example, for a file called 024BCD33-41D1-ACD3-3EEA-84083E322DFA.zepto, the extracted victim ID would be 024BCD3341D1ACD3.

Full Article: New Locky version adds the .Zepto Extension to Encrypted Files
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Thanks for the share :)

I received the js donwloader as an attachment in my special e-mail, yesterday.
swift b14.js
...Appdata/local/temp
=> 9C8Ap20aK0
=> 9C8Ap20aK0.exe
=> clout.exe in running process

I would like to know who choose the extension names ... Lol
 
Last edited:
  • Like
Reactions: Der.Reisende

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top