Microsoft Discovers Self-Replicating Ransomware
What’s worse than ransomware? Self-replicating ransomware. “Dubbed ‘Ransom:Win32/ZCryptor.A,’ or simply ‘ZCryptor,’ the malware is distributed by the usual spam email infection vector. Once executed, the malware makes sure it runs once the system is booted. Furthermore, to be able to reproduce itself, it drops an autorun.inf in removable drives, a “zycrypt.lnk” in the start-up folder, along with a copy of itself as {Drive}:\system.exe and %APPDATA%\zcrypt.exe. Lastly, it changes the file attributes to hide itself from the user in the file explorer.”