malvertising targets users for drive-by-downloads
malvertising targets users for drive-by-downloads

A self-proclaimed “mischievous boy” who calls himself “ZENIS” unleashed ransomware attacks that encrypt the files and then purposely deleted the backups.

Discovered last week by MalwareHunterTeam, Zenis uses a customised encryption method that warns recipients to pay up or risk losing forever their infected files.

A BleepingComputer.com blog post by Lawrence Abrams details how the scheme works, but lamented it's presently unknown how Zenis is being distributed or the extent of its effectiveness.

Zenis warned against seeking help from anyone else than him if they want the file decrypted. MalwareHunterTeam and Abrams asserted that victims should not pay the demand and instead seek help from them.

The hacker viewed the ransomware recipient a player in Zenis's game, and if precise instructions are not followed exactly “you will become the main loser of the story.” Zenis went on to explain in an email – from four different accounts so far – that he would “decrypt your file for free” and “then receive the price of decrypting files.” After he confirms receipt of the deposit, the ransom payer” would receive the “Zenis Decryptor” along with a “private key” to recover all the taken files.

ZENIS loves “cryptography, hardware and programming," he said. "My world is full of unanswered questions and puzzles half and half, and I'm coming to discover a new world,” he promised.