Z1n Ransomware Locks Victim Systems
During a routine examination of new files, our researchers identified the Z1n ransomware, which belongs to the Dharma ransomware family. This malicious software encrypts data and demands payment for the decryption key.
In our testing environment, the ransomware encrypted files and modified their filenames. The original names were extended with a unique victim ID, the attackers' email address, and a ".z1n" extension. For instance, a file initially named "1.jpg" was transformed into "1.jpg.id-9ECFA84E.[zohodzin@tuta.io].z1n."
Following this encryption process, Z1n generated ransom notes displayed in a pop-up window and a text file named "read.txt." This text file was placed on the desktop and in all directories containing encrypted files. The content of the Z1n ransomware's text file informs the victim about the data lock and encourages them to contact the attackers for recovery.
The pop-up message provides additional details about the ransomware infection, explicitly mentioning the encryption of inaccessible files. While not directly stating that a ransom must be paid for decryption, the implication is present.
To assure recovery, the message offers a complimentary decryption test for three files, each not exceeding 5MB or containing crucial data. The victim is also strongly cautioned against seeking assistance from third parties (intermediaries) and against making modifications to the affected files.
Z1n Ransom Note Follows Dharma's Lead
The lengthy text of the complete Z1n ransom note goes as follows:
All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: zohodzin@tuta.io YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:zohodzin@cock.liWe strongly recommend that you do not use the services of intermediaries and first check the prices and conditions directly with us.
The use of intermediaries may involve risks such as:
-Overcharging: Intermediaries may charge inflated prices, resulting in improper additional costs to you.-Unjustified debit: There is a risk that your money may be stolen by intermediaries for personal use and they may claim that we did it.
-Rejection of the transaction and termination of communication: Intermediaries may refuse to cooperate for personal reasons, which may result in termination of communication and make it difficult to resolve issues.
We understand that data loss can be a critical issue, and we are proud to provide you with encrypted data recovery services. We strive to provide you with the highest level of confidence in our abilities and offer the following guarantees:
-Recovery demo: We provide the ability to decrypt up to three files up to 5 MB in size on a demo basis.Please note that these files should not contain important and critical data.
Demo recovery is intended to demonstrate our skills and capabilities.
-Guaranteed Quality: We promise that when we undertake your data recovery, we will work with the utmost professionalism and attention to detail to ensure the best possible results.
We use advanced technology and techniques to maximize the likelihood of a successful recovery.
-Transparent communication: Our team is always available to answer your questions and provide you with up-to-date information about the data recovery process.
We appreciate your participation and feedback.
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
How Can You Proactively Protect Your Data Against Ransomware?
Proactively protecting your data against ransomware involves implementing a combination of preventive measures and best practices. Here are several strategies to help safeguard your data:
Regular Backups:
Regularly back up your important data to an external drive or a secure cloud service.
Ensure that backups are automated, frequent, and include all critical files.
Offline Backups:
Keep at least one copy of your backup offline to prevent ransomware from affecting it.
Disconnect the backup device when not in use to minimize the risk of compromise.
Update Software and Systems:
Regularly update your operating system, software, and applications to patch vulnerabilities.
Enable automatic updates whenever possible to stay protected against the latest threats.
Use Reliable Security Software:
Install reputable antivirus and anti-malware software to detect and block ransomware.
Keep security software definitions up to date for effective threat detection.
Educate and Train Users:
Educate employees or users about phishing emails, malicious links, and other social engineering tactics.
Conduct regular training sessions to enhance awareness of cybersecurity best practices.
Network Segmentation:
Implement network segmentation to isolate critical systems and data from other parts of the network.
Restrict user access to only the resources necessary for their roles.
Email Security:
Use email filtering systems to identify and block phishing emails and malicious attachments.
Encourage users to scrutinize emails before clicking on links or downloading attachments.
