Zarik Locker Ransomware Holds Your Files Hostage

During the evaluation of file samples, our researchers came across the Zarik Locker ransomware. This type of malware encrypts data and demands ransom for decryption.

Upon executing a sample of Zarik Locker on our test system, it proceeded to encrypt files and append a ".zarik5313" extension to their names. Consequently, files like "1.jpg" were transformed into "1.jpg.zarik5313," and the same pattern followed for all encrypted files.

Following the encryption process, Zarik Locker altered the desktop wallpaper, displaying a message in English, and deposited a text file named "@zarik decrypt0r@.txt," containing a ransom note written in Russian. The wallpaper conveyed that the victim's photos, videos, documents, and other files had been encrypted. It also suggested that if the "@zarik decrypt0r@.txt" file could not be found, it implied that the anti-virus had successfully removed the ransomware.

The contents of the text file reiterated the encryption news and informed the victim that the decryption of their data required a payment of $300. The message directed the victim to contact the attackers and submit proof (such as a screenshot) of the payment.

Zarik English Ransom Note in Full

The text of the English version of the Zarik ransom note reads as follows:

Zarik locker

Your importentet file are encryption producted on this computer:photos,videos,documents,etc.

if you see text, but do not see the @zarik decrypt0r@.txt window,then your anti virus deleted "zarik locker" from computer

@Zarik decrypt0r@.txt

The text of the Russian ransom note is very similar in its nature.

How Can You Proactively Safeguard Your Data Against Ransomware?

Protecting your data against ransomware requires a proactive and multi-layered approach. Here are some strategies to help safeguard your data:

Regular Backups:
Perform regular backups of your critical data and ensure they are stored offline or in a separate, secure location.
Automate backup processes to ensure consistency and frequency.

Update Software and Systems:
Keep your operating system, software, and antivirus programs up to date with the latest security patches and updates.
Enable automatic updates whenever possible to ensure timely protection against known vulnerabilities.

Employee Training:
Educate employees on the dangers of phishing emails, suspicious links, and attachments.
Conduct regular training sessions to enhance cybersecurity awareness and promote safe online practices.

Network Segmentation:
Implement network segmentation to isolate critical systems and limit the potential impact of a ransomware attack.
Restrict unnecessary access to sensitive data and regularly review and update permissions.

Email Filtering:
Use email filtering solutions to detect and block phishing emails and malicious attachments.
Implement advanced threat protection to identify and prevent sophisticated email-based attacks.

Endpoint Protection:
Utilize reputable antivirus and anti-malware solutions on all endpoints, including computers, servers, and mobile devices.
Enable real-time scanning and heuristic analysis to detect and block potential threats.