Zenya Ransomware is a New Clone of Xorist
There is a new variant of the Xorist ransomware that was recently discovered by security researchers. The new version of Xorist is called the Zenya ransomware.
Zenya doesn't do anything revolutionary compared to other Xorist variants. It will encrypt the majority of files on the victim system. Once the ransomware finishes encryption, it appends a new extension to each encrypted file.
This process will turn a file originally called "document.doc" into "document.doc.ZeNyA".
The ransom note is dropped inside a file named "HOW TO DECRYPT FILES.txt". The ransomware also brings up a pop-up window containing the text of the note.
The encryption process will affect almost every file on the target system. Like most ransomware variants, Zenya will scramble every document, archive, database and media file it finds on all connected system drives.
The encryption process leaves files in an unreadable state and there is no decryption tool available online at the moment, barring any possible decryptor the ransomware author might have. When it comes to restoring your files, the best solution remains recovery from offline backup copies.