Recently had a client get infected by the Zepto variant of crypto malware without even knowing it. The call originated when they could not find some of the shortcuts they were used to seeing on the desktop. I began to search for the shortcuts and found some files with the .ZEPTO extension on them. A quick Google search found that this was indeed an infection of crypto malware but something was different about this one – there was no ransom note or instructions on where to send the money for the decryption key. After investigating the problem it seems that the user got an image file that they could not open and forgot about. They noticed some slow down of the computer the day that these files indicated that they were created but nothing else presented itself that day, so they dismissed it.

So here is breakdown of what actually happened. They were protected by Norton Antivirus and when the infection began to spread across the network (only a couple files were affected there) it removed the infection and left the damage done by Zepto encryption of some of the files in place with no notice to the user about what was done. The customer had a partial backup from a poorly designed backup scheme that was able to recover some of the files, which left them in a state of not knowing what was missing from their local file directories. Needless to say that I will be recommending a different antivirus and backup / recovery plan for them going forward.

If your company is not sure about whether your antivirus software is capable of handling this type of situation properly or are not sure about the status of your backup / recovery procedures, then contact us for assistance.