Zeus Ransomware is a New Chaos Clone Designed to Encrypt Files
A new variant of the Chaos ransomware has been spotted in the wild by researchers. The latest clone is called the Zeus ransomware.
Zeus does what you would expect ransomware to do - it will encrypt nearly every file on a victim system's local drives. Encrypted file types include media files, executables, documents and archives. Once encrypted, files receive a new extension that is made up of five randomly generated alphanumeric characters.
This process can turn a file formerly called "document.doc" into "document.doc.y8ew".
Once the encryption process completes, the ransomware generates a plain text ransom note inside a file called "read_it.txt" and displays a much longer ransom note inside a pop-up window. The lengthier version of the note in the pop-up reads as follows:
OPPS FILE ANDA DI ENKRIPSI!!!
APA YANG TERJADI? FILE ANDA TELAH DI ENKRIPSI OLEH RANSOMWARE MILIK SAYA YANG TIDAK SENGAJA ANDA DOWNLOAD DARI INTERNET. BAGAIMANA MENGEMBALIKAN FILE SAYA? JANGAN PANIK CUKUP KONTAK SAYA DI SINI ANONSEC4444@GMAIL.COM SAYA AKAN MEMBANTU ANDA MENGEMBALIKAN FILE ANDA DENGAN CEPAT JANGAN INSTALL ULANG KOMPUTER ANDA JIKA ANDA TIDAK INGIN TERJADI KERUSAKAN PADA HARDWARE KOMPUTER PENGEMBALIAN KOMPUTER INI GRATIS INI TERJADI KARENA PENYALAHGUNAAN RANSOMWARE KAMI
RANSOMWARE DI DISTRIBUSIKAN OLEH:#KOMUNITAS HACKER INDONESIA
#RANSOMWARE ZEUS
The note appears to be written in the Indonesian language. The plain text file contains the following:
OPPS FILE ANDA DI ENKRIPSI BY RANSOMWARE ZEUS UNTUK MENGEMBALIKAN FILE ANDA
CONTACT SAYA
EMAIL:zeussec1337 at gmail dot com
FACEBOOK:hxxps://www.facebook.com/zeussec1337
TELEGRAM:@ZeusSec1337
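
A defender-side triage sketch for the file-system traces described above, added here as an example and not taken from the article or from any vendor tool: it sweeps a directory tree for a read_it.txt containing the quoted "RANSOMWARE ZEUS" string and for files carrying an appended random suffix. The extension list, the 4-to-5 character suffix range (the text says five, its example shows four), the min_hits threshold and the function names are assumptions of this example.

```python
import os
import re
import tempfile

# Assumed sample of the targeted types (documents, media, archives, executables).
KNOWN_EXTS = {"doc", "docx", "xls", "pdf", "jpg", "png", "mp4", "zip", "exe"}
# <name>.<known ext>.<random suffix>; 4-5 chars because the text says five
# while its own example, "document.doc.y8ew", shows four.
RENAMED = re.compile(r"^.+\.([a-z0-9]+)\.([a-z0-9]{4,5})$")
NOTE_NAME = "read_it.txt"
NOTE_MARKER = "RANSOMWARE ZEUS"  # appears in the plain-text note quoted above

def looks_renamed(name):
    m = RENAMED.match(name.lower())
    # A suffix that is itself a known type (x.zip.docx) is an ordinary double extension.
    return bool(m) and m.group(1) in KNOWN_EXTS and m.group(2) not in KNOWN_EXTS

def scan(root, min_hits=3):
    """Report matching notes and suffixed files; suspect only when both signals exist."""
    notes, renamed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                try:
                    with open(path, errors="replace") as fh:
                        if NOTE_MARKER in fh.read(4096).upper():
                            notes.append(path)
                except OSError:
                    pass  # unreadable file: skip rather than abort the sweep
            elif looks_renamed(name):
                renamed.append(path)
    suspect = bool(notes) and len(renamed) >= min_hits
    return {"notes": notes, "renamed": renamed, "suspect": suspect}

def demo():
    """Build a constructed directory tree (sample data, not real artefacts) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("document.doc.y8ew", "photo.jpg.k3p9z", "backup.zip.Qx71",
                     "notes.txt", "a.zip.docx"):
            open(os.path.join(root, name), "w").close()
        with open(os.path.join(root, NOTE_NAME), "w") as fh:
            fh.write("OPPS FILE ANDA DI ENKRIPSI BY RANSOMWARE ZEUS ...")
        result = scan(root)
        result["renamed"] = sorted(os.path.basename(p) for p in result["renamed"])
        return result

if __name__ == "__main__":
    print(demo())
```

A name-pattern match alone also hits legitimate files such as "report.doc.html", which is why the sketch requires the note and several renamed files together before flagging.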