• Researchers warn of increase in Zepto ransomware attacks

Researchers at Cisco’s Talos security intelligence and research group have warned that cyber attackers have begun to launch massive Zepto ransomware campaigns.


The warning states that Zepto, a variant of Locky ransomware, was initiated in the first quarter of 2016. The software works by encouraging targets to open malicious .zip files. Once open, Zepto is able to encrypt files, demanding a Bitcoin fee to decrypt them.

The number of these spam messages intended to infect recipients’ computers with Zepto was hugely increased in June. The researchers claim that 137, 731 messages were sent in just first four days of a campaign which was believed to have been started on June 27.


Warren Mercer, technical lead of engineering at Cisco, said: “The phishing/spam campaigns now generally carry a large risk of associated ransomware, and this is no different. The ability to withhold files from users is, unfortunately, becoming very normal with attacks that people are faced with every day.”

He added that attackers do not care what they destroy in their quest to secure payment from their targets. “The email attack vector will continue to be used as email is an everyday occurrence and the ability to generate large lists of emails for spam campaigns such as this is growing easier,” he said.

Mercer advised that businesses should warn employees to exercise caution when opening email attachments, and that organisations should ensure they have a rigorous back-up system in place.

Receive our free* ultimate guide to cyber security here