Security experts are warning businesses of a dangerous new virus named Klepto Zepto, based on the Locky ransomware. The Zepto malware has been carried in nearly 140,000 spam messages sent over four days last week. The ransomware appears to have Locky’s capabilities, which could make it one of the more dangerous encryption lockers in circulation.

The ransomware targets users with a variety of subject lines and with sender profiles such as ‘CEO’ or ‘VP of Sales’ to encourage the user to open the email. Once opened, the email asks users to look at the requested documentation, which is named with a combination of the victim’s email address, an underscore and a random number. The attachments or links are malicious zip files which, when opened, will encrypt your data.
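The attachment naming described above can be checked at a mail gateway or in a mailbox sweep. The following is an added example, not part of the original article: it flags zip attachments whose name is a recipient's address, an underscore and digits. The addresses and filenames are constructed samples, and matching either the full address or only the part before the "@" is an assumption.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import getaddresses

LURE = re.compile(r"(?P<stem>.+)_\d+\.zip")


def suspicious_attachments(raw_message: bytes) -> list:
    """Return zip attachment names of the form <recipient>_<digits>.zip."""
    msg = message_from_bytes(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    stems = set()
    for _, addr in getaddresses(headers):
        if addr:
            addr = addr.lower()
            stems.add(addr)                    # full address as the stem
            stems.add(addr.split("@", 1)[0])   # assumption: local part only
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        m = LURE.fullmatch(name.strip().lower())
        if m and m.group("stem") in stems:
            hits.append(name)
    return hits


def build_sample(filename: str) -> bytes:
    """Constructed test message; the attachment body is an empty zip archive."""
    msg = EmailMessage()
    msg["From"] = "CEO <ceo@example.net>"
    msg["To"] = "J Smith <j.smith@example.com>"
    msg["Subject"] = "Requested documents"
    msg.set_content("Please see the requested documentation attached.")
    empty_zip = b"PK\x05\x06" + b"\x00" * 18
    msg.add_attachment(empty_zip, maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn in ("j.smith_48213.zip", "quarterly_report_2016.zip"):
        print(fn, "->", suspicious_attachments(build_sample(fn)))
```

A match is a reason to quarantine the message for review, not proof of infection; unrelated zip files with numeric suffixes are not flagged because the stem must equal a recipient address.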

Protecting against Klepto Zepto

Here are some preventative steps you should take:

  • Do not open unusual attachments from an unknown source; these usually take the form of a Word or PDF document
  • Do not click links in emails from an unknown source
  • Check the reply address on the email
  • Do not release emails from SPAM that you are unsure of
  • If a website appears different, close the site and report it to your support provider

Dealing with a Klepto Zepto attack

If Klepto infects your computer or your server, you have two options – pay the crooks their ransom or restore backups to the point before the attack.

Ransomware is big business worth millions to criminals, partly because some businesses that haven’t taken adequate precautions have been forced to cough up thousands of pounds. Law firms, hospitals and small local businesses have all been forced to pay out due to ransomware attacks.

Therefore, you should have a tried and tested backup and disaster recovery system in place. This system would then be utilised as part of your disaster recovery plan in a ransomware attack.

If you haven’t got a business continuity plan for IT that covers this, you are not alone – almost half of UK businesses are thought to be insufficiently capable of responding to a ransomware attack.

If you are interested in finding out how to protect your firm from malicious ransomware, please contact me by email at simon.williams@prodriveit.co.uk or call 0845 507 0845.

If you are interested in learning about business continuity planning, why not attend one of our free workshops in London, Surrey and Reading?