Threat Management, Malware, Ransomware

New ransomware Zenis will delete backup files even if victim pays

A self-proclaimed “mischievous boy” who calls himself “ZENIS” unleashed ransomware attacks that encrypt the files and then purposely deleted the backups.

Discovered last week by MalwareHunterTeam, Zenis uses a customized encryption method that warns recipients to pay up or risk losing forever their infected files.

A blog post by Lawrence Abrams details how the scheme works, but lamented it's presently unknown how Zenis is being distributed or the extent of its effectiveness.

Zenis warned against seeking help from anyone else than him if they want the file decrypted. MalwareHunterTeam and Abrams asserted that victims should not pay the demand and instead seek help from them.

The hacker viewed the ransomware recipient a player in Zenis's game, and if precise instructions are not followed exactly “you will become the main loser of the story.” Zenis went on to explain in an email – from four different accounts so far – that he would “decrypt your file for free” and “then receive the price of decrypting files.” After he confirms receipt of the deposit, the ransom payer” would receive the “Zenis Decryptor” along with a “private key” to recover all the taken files.

ZENIS loves “cryptography, hardware and programming," he said. "My world is full of unanswered questions and puzzles half and half, and I'm coming to discover a new world,” he promised. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.