Zepto Ransomware

  • A new variant of ransomware has been identified by Sophos names “Zepto”. This variant replicates the locky malware where all files are encrypted, renamed and the file extension of “.zepto” added to each file.
  • This malware is spread by the use of phishing emails claiming to be providing documents / scanned images that have been requested previously.
  • These emails contain either a .zip file or a .docm file that once clicked on downloads a self executing .exe file that begins to encrypt the victims data.
  • Just as other ransom-demanding viruses, this virus leaves ransom notes called _[2 chars]_HELP_instructions.html and _[2 chars]_HELP_instructions.txt on several folders, which hold the information about the decryption process.
  • Unfortunately Zepto is a new virus and there is no antidote for it yet.


  • Make sure you have anti-virus software installed and ensure it is up-to-date and running in real time.
  • Keep browsers, operating systems, Adobe and other applications up-to-date and patched  against vulnerabilities.
  • Backups are an absolute necessity in protecting your data. Back files up regularly, store the backups on external storage and physically disconnect the storage from the computer and network between backups. Ensure you verify the backups.
  • There are many fake emails with malicious attachments circulating the internet. If you receive an uninvited email containing an attachment then do not open it unless you are sure of its origin.
  • Beware of unsolicited emails asking you to click on links.
  • In the unfortunate case of infection, pull the plug on the computer and internet access.
  • Do not pay the ransom as a first response – report to Action Fraud as soon as possible.

The SWRCCU advises against the payment of ransom demands. This is for three reasons:

    • You are not guaranteed to get your data decrypted.
    • Further extortion demands may follow.
    • It encourages further attacks against other victims.

If you want to learn about Cyber Security, check out our new Cyber Security & Privacy Essentials course below.


Thanks to the Gloucestershire Police for alerting us to this information.


Action Fraud is the UK’s national fraud and internet crime reporting centre, providing a central point of contact for information about fraud and financially motivated internet crime

Visit www.actionfraud.police.uk