Skip to content ↓ | Skip to navigation ↓

Terrible news shook the web the other day, as reports surfaced of a new ransomware virus circulating the web.

A new version of the infamous Locky ransomware has been unleashed upon users worldwide, affecting computers all across the globe from the USA to Mexico, Japan, Germany, and beyond. The unwelcome arrival of the new virus was first reported yesterday here and was later confirmed by another source.

It works like most ransomware does, seizing the files on a victim’s PC and encrypting them. Much like its predecessor, Locky, the new virus changes the name of the files to its own extension: .zepto, which is why it has now become known as the Zepto Virus.

Once the encryption process is complete, the virus then changes the desktop image to a ransom note, informing the affected user of the actions that had taken place and providing instructions as to how the victim can receive the decryption key. It also creates files with the same information in each of the encrypted folders titled “_HELP_instructions.html”.

The amount demanded by the hackers in exchange for the key is 0.5 Bitcoins, which is roughly the equivalent of $300; however, it is likely that that number will be substantially increased in the event large businesses or organizations are affected.

At this point, there is no known way of breaking the encryption, but cyber-security experts are already working on cracking the .Zepto code. As was the case with .locky, this new ransomware uses the strong RSA-2048 and AES-128 ciphers.

Users are advised to take extra precautions when browsing the web and especially when dealing with newly received emails. This is the way ransomware is most commonly distributed, so be especially critical towards spam emails, more so if they come with attached files.

If you have fallen victim to this rapidly spreading virus, it’s not advisable to give in to the hackers’ demands and pay the requested ransom. This practice is what stimulates the cybercriminals to continue with their illegal activities and there are no guarantees that you will receive any decryption key.

Instead, you can try using the following removal instructions that would hopefully help you locate and delete the .Zepto virus. Other than that, there is little else to be done than wait for a working decrypter to be released in order to recover your files.

Interesting in learning more about Ransomware? Click here to discover more. 


daniel sadakovAbout the Author: Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.


10 Ways Tripwire Outperforms Other Cybersecurity Solutions
  • Patrick

    “Shook the web”? New ransomware variants come out every single day.

  • Patrick

    “Shook the web”? New ransomware variants come out every single day.

  • Big AUssie

    I was curious what type of advice would be given for removal of this crypto variant; so clicked on your link labelled: “removal instructions” — instantly Malwarebytes blocked the webpage you have linked to.

    Hopefully this is because Malwarebytes is being over zealous — maybe not. I tried to just go to: and that was also blocked. Perhaps their website has been hacked — you may want to check the link from your end.

  • User

    Hit our office today when someone opened the attachment. Lost EVERYTHING that wasn’t backed up! Took out my entire desktop! DO NOT OPEN ATTACHMENTS FROM SENDERS YOU DO NOT KNOW FOR CRYING OUT LOUD!!!!!! This is BASIC people! Frustrating! I.T> has been working on our system ALL DAY!!!!! Getting NOTHING done!!!!

  • Mel Haye

    We have been hit aswell. Entire system has been encrypted by Zepto.

  • Mitch

    I got hit with Zepto today- and had not opened any attachments. I was merely surfing. I was careful, too, and still got hit.

  • rohan pangale

    I got hit with Zepto today. we lost our all file please advice us

  • Ransomware truly are a menace.

  • Max Cartwright

    Backup your data! And not just one copy – but minimum 2! Local back and cloud backup! And backup daily! Twice daily if have the space/money.

  • Jean Paul Cahuana Pinto

    Our server was infected too. All dbfs are encrypted… :/

  • Dan Fundarz

    Its pretty easy to copy all files to a thumb drive so they arent even on your computer.

  • Yashwant Kumar

    my file also infected with ransomware but all files has the file format of “.8e9a” ,i dont know which type is this

<!-- -->