Zepto ransomware has sent 137,731 emails in just 4 days

You might get an email from a friend or colleague like the one below:

I found all the last month financial doc you requested, I’ve attached them on google drive.


I paid $20,480 for the construction of the back office, currently we have $890,489 balance in the chase.

waiting to hear from you


Ransomware called Zepto is raising concerns with security experts because of its close ties to the more mature and prolific Locky ransomware. Zepto was spotted approximately a month ago, but a recent wave of spam containing Zepto-laced attachments, detected on June 27, is heightening fears of widespread infections.


What is Zepto?

The name comes from the .zepto suffix used as the extension for encrypted files.
Infection is via a .zip file email attachment that contains a malicious .js JavaScript executable. Once the JavaScript goes to work, it runs quietly on the victim's machine, slowly locking files with the .zepto extension.

A closer look at the JavaScript revealed 3,305 unique samples from the 137,000 emails. Once executed, the malicious JavaScript uses wscript.exe to launch HTTP GET requests to the defined C2 domains. This is where the samples differed: some would initiate connectivity to a single domain, whilst others would communicate with up to 9 domains, according to the technical write-up of Zepto.


The sample emails are


Today I got this mail from my friend, and I asked him about the balance he has in his account 🙂



Its behavior is very similar to the Locky malware: both use RSA encryption and the same mail composition format. The subject could be “documents copy”, “financial report” or “new invoice”.
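A mail-gateway style check for the delivery pattern described above (a .zip attachment holding a .js file, sent under one of the listed subjects), as an added example that is not part of the original post. The function names, the extra script extensions beyond .js and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script types run by Windows Script Host. Only .js is from the article;
# the other extensions are an assumption added for coverage.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")
LURE_SUBJECTS = ("documents copy", "financial report", "new invoice")  # from the article


def scripts_in_zip(data: bytes) -> list:
    """Return names of script files inside a zip archive ([] if not a zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []


def scan_message(raw: bytes) -> dict:
    """Inspect one raw e-mail and report the indicators described above."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Judge by content, not filename: a renamed zip still opens as a zip.
        hits += [f"{part.get_filename()}:{n}" for n in scripts_in_zip(payload)]
    return {"lure_subject": any(s in subject for s in LURE_SUBJECTS),
            "script_in_zip": hits,
            "quarantine": bool(hits)}


def build_sample(member: str, subject: str) -> bytes:
    """Constructed test message carrying a harmless zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="report.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("invoice_2016.js", "New invoice")))
    print(scan_message(build_sample("notes.txt", "Lunch")))
```

The quarantine decision rests on the archive contents alone; the subject match is reported separately because subject lines are easy for a sender to vary.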


What will happen?

If your machine is infected, it will lock your files and demand money (in Bitcoins) for the decryption key.
