Zenis Ransomware Encrypts Your Data & Deletes Your Backups

Faybert (thread author)
A new ransomware was discovered this week by MalwareHunterTeam called Zenis Ransomware. While it is currently unknown how Zenis is being distributed, multiple victims have already become infected with this ransomware. What is most disturbing about Zenis is that it not only encrypts your files, but also purposely deletes your backups.

When MalwareHunterTeam found the first sample, it was utilizing a custom encryption method when encrypting files. The latest version, and the one we will discuss in this article, utilizes AES encryption to encrypt the files.
....
....
How Zenis Ransomware encrypts a computer
As previously stated, we do not know how the Zenis Ransomware is currently being distributed. Based on the elusiveness of the ransomware samples and comments from infected people, it could be distributed via hacked Remote Desktop services.

When executed, the current Zenis Ransomware variant will perform two checks to see if it should begin encrypting the computer. The first check is to see if the file that was executed is named iis_agent32.exe, with this check being case insensitive. The other check is to see if a registry value exists called HKEY_CURRENT_USER\SOFTWARE\ZenisService "Active".
....
....
 
It's a cat and mouse game. Malware creators are devising new techniques to harass the users. Many of these malware creators are very good at coding and have a lot of ingenuity. I wish they could put their effort into some good things.

When looking for files to encrypt, if it finds files associated with backup files, it will overwrite them three times and then delete them. This is to make it more difficult for the victim to restore files from a backup. The list of extensions targeted for deletion is:
.win, .wbb, .w01, .v2i, .trn, .tibkp, .sqb, .rbk, .qic, .old, .obk, .ful, .bup, .bkup, .bkp, .bkf, .bff, .bak, .bak2, .bak3, .edb, .stm
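As an added example (not code from the article, the forum post, or Zenis itself), here is a small Python triage helper that turns the two execution gates quoted earlier in the thread (executable named iis_agent32.exe, compared case-insensitively, and an "Active" value under HKEY_CURRENT_USER\SOFTWARE\ZenisService) and the backup-extension list above into checks a responder can run. The function names, the injectable registry reader and the sample file names in the docstrings are this example's own assumptions; the winreg call only works on Windows and reports the value as absent elsewhere.

```python
"""Triage helper for the Zenis behaviour described in this thread.

Added example code, not the article's and not the malware's own code. It
evaluates the two execution gates the article lists (executable named
iis_agent32.exe, compared case-insensitively, and an "Active" value under
HKEY_CURRENT_USER\\SOFTWARE\\ZenisService) and classifies files by the
backup extensions the article says Zenis overwrites three times and then
deletes. Function names and the injectable registry reader are this
example's own conventions.
"""
import sys
from pathlib import Path, PureWindowsPath
from typing import Callable, Iterable, List, Optional

ZENIS_IMAGE_NAME = "iis_agent32.exe"         # gate 1, matched without regard to case
ZENIS_REG_SUBKEY = r"SOFTWARE\ZenisService"  # gate 2, relative to HKEY_CURRENT_USER
ZENIS_REG_VALUE = "Active"

# Extension list quoted in the thread, lower-cased for comparison.
BACKUP_EXTENSIONS = frozenset({
    ".win", ".wbb", ".w01", ".v2i", ".trn", ".tibkp", ".sqb", ".rbk",
    ".qic", ".old", ".obk", ".ful", ".bup", ".bkup", ".bkp", ".bkf",
    ".bff", ".bak", ".bak2", ".bak3", ".edb", ".stm",
})


def is_zenis_image_name(image_path: str) -> bool:
    """Gate 1: does the executable's file name equal iis_agent32.exe, ignoring
    case and directory?  PureWindowsPath accepts both '\\' and '/' separators."""
    return PureWindowsPath(image_path).name.lower() == ZENIS_IMAGE_NAME


def _read_hkcu_value(subkey: str, value_name: str) -> Optional[object]:
    """Read a value under HKEY_CURRENT_USER. Returns None when the key or value
    is absent, or when not running on Windows (winreg is Windows-only)."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
            data, _kind = winreg.QueryValueEx(key, value_name)
            return data
    except OSError:
        return None


def zenis_marker_present(
    read_value: Callable[[str, str], Optional[object]] = _read_hkcu_value,
) -> bool:
    """Gate 2: the article describes an existence check on the value, so any
    data (even an empty string) counts; only an absent value returns False."""
    return read_value(ZENIS_REG_SUBKEY, ZENIS_REG_VALUE) is not None


def is_targeted_backup(file_name: str) -> bool:
    """Would Zenis treat this file as a backup to wipe?  Only the final
    extension is considered, so 'site.tar.bak2' matches and 'backup' does not."""
    return PureWindowsPath(file_name).suffix.lower() in BACKUP_EXTENSIONS


def classify_backup_paths(paths: Iterable[str]) -> List[str]:
    """Return, sorted, the subset of paths Zenis would overwrite and delete."""
    return sorted(p for p in paths if is_targeted_backup(p))


def targeted_backup_files(root: str) -> List[str]:
    """Walk a directory tree and list the files (relative to root) that would
    be wiped, so a responder knows what to copy off the host first."""
    base = Path(root)
    files = (p.relative_to(base).as_posix() for p in base.rglob("*") if p.is_file())
    return classify_backup_paths(files)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("HKCU\\SOFTWARE\\ZenisService 'Active' present:", zenis_marker_present())
    for hit in targeted_backup_files(root):
        print("would be wiped:", hit)
```

Run it with a directory argument on a suspect host to get the list of backup files worth copying off the machine before anything else, since a three-pass overwrite leaves nothing for file carving to recover. The image-name gate also gives a cheap hunt in process-creation logs (an image path ending in \iis_agent32.exe), though the article notes the samples are elusive, so not finding the name proves nothing.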

I agree with @Captain Awesome
 
So what do I have to do? :cry:
Can Avast kill this ransomware? :confused:
No AV can guarantee protection against all ransomware, since they just don't fit into that category... each ransomware utilizes different techniques (hollowing, cmd, and so on...) to do its job, and some even show their nasty behaviour on restart. The solution is:
Take regular backups, think before you download, and check before you execute. Most importantly --> use any AV along with your brain. It protects you so well.