New Zenis Ransomware Deletes Backups Even After Successful Ransom Payment

Zenis Ransomware

The newly discovered Zenis Ransomware is another example of a crypto-virus, and it exhibits a unique feature. Unfortunately, it is still unclear how this malware manages to infect Windows systems and spread over the Internet to target as many web surfers as possible. Most importantly, it not only enciphers the files stored on the victim’s machine but can also delete the backup copies saved on the compromised system. Based on a recent research report, it might infect Windows machines with the help of Remote Desktop services. After getting inside the system, Zenis Ransomware encrypts specific file types using the AES cryptography algorithm.

While encoding the data stored on the victim’s machine, the malware renames each file by adding a ‘Zenis-<2_chars>’ extension. In addition, Zenis Ransomware has the ability to delete the Shadow Volume copies, clear event logs and disable startup repair. As a result, it becomes much harder for victims to recover the enciphered files using alternative methods. More interestingly, the malware also searches for files that are associated with backups. When Zenis Ransomware finds them, it overwrites them three times and then deletes them.
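The recovery-inhibiting actions and the rename marker described above can be correlated per host in endpoint telemetry. The following is an added example, not code from the original article or from any analysis of Zenis; the command-line patterns, the event format, the host names and the `[0-9A-Za-z]` character class for `<2_chars>` are assumptions, since the article names the behaviours but not the commands used.

```python
import re
from collections import defaultdict

# Commonly seen command lines for the three actions the article names.
# Assumption: the article does not say which commands Zenis itself runs.
RULES = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "event_log_clear": re.compile(
        r"\bwevtutil(\.exe)?\b.*\s(cl|clear-log)\s", re.I),
    "startup_repair_disable": re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}
# 'Zenis-<2_chars>' as a leading or trailing name component (assumed charset).
RENAMED = re.compile(r"(^|\.)Zenis-[0-9A-Za-z]{2}(\.|$)")

def classify(cmdline):
    """Return the names of all rules matching one process command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def triage(events, threshold=2):
    """Flag hosts showing at least `threshold` distinct behaviours."""
    hits = defaultdict(set)
    for ev in events:
        if ev["type"] == "process":
            hits[ev["host"]] |= classify(ev["data"])
        elif ev["type"] == "file":
            name = ev["data"].rsplit("\\", 1)[-1]  # strip Windows directory
            if RENAMED.search(name):
                hits[ev["host"]].add("zenis_rename")
    return {h: sorted(s) for h, s in hits.items() if len(s) >= threshold}

# Constructed sample telemetry (hypothetical hosts and paths).
SAMPLE = [
    {"host": "ws-01", "type": "process",
     "data": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws-01", "type": "process", "data": "wevtutil.exe cl Application"},
    {"host": "ws-01", "type": "process",
     "data": "bcdedit /set {default} recoveryenabled no"},
    {"host": "ws-01", "type": "file",
     "data": r"C:\Users\a\Documents\report.docx.Zenis-k3"},
    {"host": "ws-02", "type": "process", "data": "vssadmin list shadows"},
    {"host": "ws-02", "type": "process", "data": "wevtutil qe Security /c:5"},
    {"host": "srv-03", "type": "process", "data": "wevtutil cl System"},
]

if __name__ == "__main__":
    for host, found in triage(SAMPLE).items():
        print(host, found)
```

Requiring two or more distinct behaviours keeps a lone administrative log clear (`srv-03`) or a read-only query (`ws-02`) from raising an alert on its own.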

Although decryption of the files encrypted by Zenis Ransomware seems impossible, there is no need to pay the ransom demanded in Bitcoins, and you should avoid contacting the cyber criminals using the email address displayed on the ransom note. In such circumstances, you should wait for the decryption key that will be released by malware researchers after in-depth analysis of the source code of Zenis Ransomware. As for the ransom message displayed by this file-encoder virus, the hackers behind this vicious attack ask victims to join the game to avoid file loss.

Most importantly, there is no need to join the game, because there is a high chance of restoring the files using the decryption key released by security analysts. All in all, to avoid getting infected with Zenis Ransomware or similar destructive viruses, it is highly advised to browse the web carefully. Always set strong passwords and use VPN services. Additionally, there are many ways in which the malware can get inside your machine. It may be attached to malicious files that arrive in your mailbox from suspicious sources. Besides, various illegal domains such as pornographic, gambling and gaming sites are the main channels for Zenis Ransomware distribution. Follow these prevention tips to protect your important computer files from being encrypted by Zenis Ransomware.