Microsoft warns of worm ransomware, finds fix in Windows 10 upgrade

Malware an opportunity to Edge out Redmond rivals

Image composite: Microsoft and StudioLondon http://www.shutterstock.com/gallery-893620p1.html

Microsoft is warning of a wormable ransomware that infects removable drives on versions of its operating system below Windows 10.

The ZCrypt scumware is distributed through old but effective methods of phishing emails, Word document macros, and fake Adobe Flash installers.

It drops a warning notice in a HTML file informing victims that their removeable device files are encrypted, and can be decrypted only after payment of $500 in Bitcoins.

ZCrypt runs on 64 bit Windows XP relics, and version 7 and 8 boxes that have resisted the Windows 10 upgrade blitzkrieg.

"We are alerting Windows users of a new type of ransomware that exhibits worm-like behaviour," Microsoft's security team says.

"This ransom leverages removable and network drives to propagate itself and affect more users."

Redmond recommends users protect themselves by first upgrading to Windows 10 and updating antivirus, backing up hard drive files, and using the Windows Edge browser.

Macros should also be banished, and pirate and porn sites avoided.

The malware throws a fake Windows alert suggesting a USB device has not been detected while the files are encrypted.

Trend Micro malware man Michael Jay Villanueva says the ransom demand will increase to $2200 over five days if the ransom is not paid. This is a common ploy to prevent the chance of subversion and increase likelihood of panicked payment.

"This ransomware is one of the few ransomware families that is capable of spreading on its own," Villanueva says.

"It drops a copy of itself in removable drives, making use of USBs a risky practice."

Most antivirus will detect at least some variations of the trojan, but there appears to be no way to decrypt files for free. ®


Biting the hand that feeds IT © 1998–2017