A new Locky Ransomware variant, also known as Zepto, now includes an embedded RSA key, says security expert Timothy Davies. According to Davies, this version is brand new, available from around September 5th, and it doesn’t require a connection to its Command and Control servers to encrypt data.
While most system admins block C&C servers on their firewalls, this Locky version uses its embedded RSA key and is able to encrypt the victim's PC no matter what has been blocked at the edge.
The error is a result of the improper names of the attachments, which are, in fact, HTA files and not JS files. If the file's name is changed to the correct HTA, it works without problems.
Additionally, this new Locky version continues appending the “.ZEPTO” extension at the end of all encrypted data and creates ransom notes named “%Desktop%\[number]_HELP_instructions.html”, “%Desktop%\_HELP_instructions.html”, and “%Desktop%\_HELP_instructions.bmp”.
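Because this variant encrypts without reaching a C&C server, the host-side artifacts named above are what remain to detect. The following is an added example, not part of the original article: it scans a directory tree for the ".ZEPTO" extension and the three ransom-note names. It assumes "[number]" means decimal digits and that matching should be case-insensitive; the sample file names are constructed.

```python
import os
import re
import tempfile

# Indicators from the article: the ".ZEPTO" extension and three ransom-note
# names. Assumptions: "[number]" is a run of digits; matching ignores case.
ENCRYPTED_RE = re.compile(r"\.zepto$", re.IGNORECASE)
NOTE_RE = re.compile(
    r"^(?:\d*_HELP_instructions\.html|_HELP_instructions\.bmp)$", re.IGNORECASE
)


def classify(filename):
    """Return 'ransom_note', 'encrypted' or None for a bare file name."""
    if NOTE_RE.match(filename):
        return "ransom_note"
    if ENCRYPTED_RE.search(filename):
        return "encrypted"
    return None


def scan(root):
    """Walk root; return {directory: {'encrypted': n, 'ransom_note': n}}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                counts = hits.setdefault(
                    dirpath, {"encrypted": 0, "ransom_note": 0})
                counts[kind] += 1
    return hits


def build_sample_tree(root):
    """Create constructed sample files (empty, hypothetical names)."""
    names = ["report.docx", "A1B2C3.zepto", "D4E5F6.ZEPTO",
             "_HELP_instructions.html", "7_HELP_instructions.html",
             "_HELP_instructions.bmp", "HELP_instructions.txt"]
    for name in names:
        open(os.path.join(root, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, counts in scan(tmp).items():
            print(directory, counts)
```

A directory that reports both encrypted files and a ransom note is a stronger signal than either indicator alone.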
Files targeted by this Locky variant have one of the following extensions: