Microsoft has issued an alert warning users about a new ransomware variant called ZCryptor, which is targeting Windows systems and has the alarming ability, not unlike a virus, to spread on its own. The ransomware can self-reproduce by infecting removable and network drives.
ZCryptor is being spread to systems via phishing emails and fake Adobe Flash installers. Once installed, ZCryptor issues a warning to its victims, alerting them that the files stored in their removable devices have been encrypted and will only be decrypted on receiving a payment of $500 (£346.48) in Bitcoin.
Microsoft's security team said the ransomware targets systems that have resisted upgrading to Windows 10 and run 64-bit Windows XP as well as Windows 7 and Windows 8 versions.
"We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This ransom leverages removable and network drives to propagate itself and affect more users," said Microsoft. In other words, if an infected drive is connected to a PC, ZCryptor automatically sets about infecting the system, loading itself onto the PC without the aid of any additional tools.
Trend Micro malware analyst Michael Jay Villanueva said: "This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites." He also noted that this variant was one of the few out in cyberspace capable of replicating itself and spreading on its own.
Villanueva also noted that the ransom demand goes up if the initial amount is not paid immediately. He affirmed that ZCryptor's ransom demand shoots up to $2,200 in just five days, adding that this technique is commonly used among cybercriminals to manipulate victims into making payments by instilling fear.
Fortunately, most antivirus software programmes are able to detect ZCryptor, thereby ensuring that users avoid becoming a victim of the malware. However, researchers are yet to find a loophole that allows victims to decrypt their data without having to pay the demanded ransom.