A virus detected at the start of June 2017 and dubbed WinUpdatesDisabler has been reported to encrypt victims' files with the AES encryption algorithm. The ransomware performs several activities on the infected computer, including adding the .zbt file extension to encrypted files and dropping a ransom note named Payment information for decryption.txt. Victims are told to pay 0.5 BTC to get their important files working again. If your computer has been infected by the .zbt extension ransomware, we recommend that you read this article.
|Short Description||Encrypts the files on the computer it infects and asks victims to pay 0.5 BTC to get them back.|
|Symptoms||Files are AES-encrypted and given the .zbt file extension. A ransom note written in Bosnian is dropped.|
|Distribution Method||Spam e-mails, e-mail attachments, executable files|
.zbt File Ransomware Distribution Methods
To infect an unsuspecting user, the .zbt file virus may use more than one method. The primary method by which this ransomware is encountered is e-mail spam carrying malicious attachments or web links. The e-mails usually contain convincing statements whose end goal is to make the victim believe they are legitimate and open the attachment or click the web link. Here is an example of a fake DHL e-mail containing a web link where the malicious file is downloaded in a .zip format:
Such e-mails may be used to spread .zbt ransomware as well. Besides these methods, the malicious file of this virus can also be uploaded to websites. It may be disguised as a setup for a program you are looking to download, fake updates, license activators or other types of executables. This is why it is always advisable to run an on-demand scan or have real-time protection enabled when you download unknown files.
.zbt File Virus – Analysis
Once an infection with the WinUpdatesDisabler ransomware takes place, the virus begins to drop its payload. The main payload file is called WinUpdatesDisabler.exe and, in addition, other files may reside in the usually targeted Windows folders under different names:
After the files are dropped, the .zbt ransomware may also drop its ransom note, named Payment information for decryption.txt. It has the following message written in Bosnian:
“Ej sestriće, moraš da gi platiš.
Ako gi ne platiš, zaključani fajlovi nema da gi vratiš.”
Other activity of the .zbt virus may involve modifying the Windows Registry, more specifically the Run and RunOnce registry keys. These keys are used to run the malicious files of the .zbt ransomware automatically at Windows start-up.
The .zbt ransomware may also delete the shadow volume copies of the infected computer via the vssadmin command:
.zbt Ransomware – Encryption Process
To encrypt files on the computers it infects, the .zbt file virus uses the AES encryption algorithm. The cipher replaces data in the files targeted for encryption with scrambled data. As a result, the files can no longer be opened and appear to be corrupt. The .zbt extension is added to them, making them look like the image below:
The .zbt ransomware virus does not target just any type of file for encryption. It looks for multiple different types of files to encrypt. These are extensions associated with documents, audio files, videos, archives and other frequently used files.
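An added example, not part of the original article or any vendor tool: a read-only scan that inventories the indicators named above (the .zbt extension, the ransom note file name and the payload file name) and uses byte entropy to separate .zbt files whose content looks encrypted from files that only carry the extension. The entropy threshold, sample size and sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Indicators named in this article; file names lowercased for case-insensitive match.
ENCRYPTED_EXT = ".zbt"
NAMED = {"payment information for decryption.txt": "notes",
         "winupdatesdisabler.exe": "payloads"}
ENTROPY_THRESHOLD = 7.0    # assumption: bits/byte cut-off; ciphertext approaches 8.0
SAMPLE_BYTES = 64 * 1024   # assumption: bytes read from the start of each file

def shannon_entropy(data: bytes) -> float:
    """Return bits of entropy per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(root: str) -> dict:
    """Walk root read-only and inventory the indicators by category."""
    report = {"high_entropy": [], "low_entropy": [], "notes": [], "payloads": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(folder, name), name.lower()
            if lower in NAMED:
                report[NAMED[lower]].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                try:
                    with open(path, "rb") as fh:
                        sample = fh.read(SAMPLE_BYTES)
                except OSError:
                    continue  # unreadable file: skip, do not abort the scan
                # Small files cannot reach the threshold; review low_entropy by hand.
                high = shannon_entropy(sample) >= ENTROPY_THRESHOLD
                report["high_entropy" if high else "low_entropy"].append(path)
    return report

def build_sample_tree(root: str) -> None:
    """Constructed sample data so the example runs offline."""
    samples = {"report.docx.zbt": os.urandom(8192),    # stands in for ciphertext
               "notes.txt.zbt": b"plain text " * 500,  # extension only, low entropy
               "Payment information for decryption.txt": b"constructed placeholder"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print({k: len(v) for k, v in triage(tmp).items()})
```

Point `triage()` at a copy or read-only mount of the affected drive; the resulting lists give the scope of the backup recommended before removal.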
Remove .zbt Ransomware and Restore Your Files
Before beginning the removal process, we recommend that you back up your encrypted files. Then follow the removal instructions below. They are specifically designed to help you remove the .zbt file virus. Since manual removal may be difficult, experts often advise using a ransomware-specific tool that will aid in the removal and protect your computer in real time against future threats.
If your files have been encrypted by the .zbt ransomware virus, you can try to restore them using alternative methods. We have suggested the methods in step “2. Restore files encrypted by .zbt ransomware” and we recommend that you follow them at your own risk. They may not restore all of your files, but with their aid you may be able to salvage at least a portion of your data.