Detected by MalwareHunterTeam, Zenis ransomware targets Windows OS, deletes shadow volume copies, disables startup repair, and clears event logs. Several processes are terminated, including those whose names contain sql, taskmgr, and regedit. To prevent the recovery of data, Zenis overwrites any files associated with backups three times prior to deleting them. Zenis appends .Zenis-[two random characters].[twelve random characters] to the names of encrypted files and uses a different AES key to encrypt each file. A ransom note named Zenis-Instructions.html is created in every folder the malware encounters. The distribution method for Zenis is currently unknown.
- Bleeping Computer provides additional information on Zenis in its report.
- The NJCCIC is aware of a decryption tool for Zenis. Victims who have been impacted by Zenis ransomware should contact Michael Gillespie @demonslay335 for assistance.
Email addresses associated with Zenis:
TheZenis[@]Tutanota[.]com, TheZenis[@]MailFence[.]com, TheZenis[@]Protonmail[.]com, TheZenis[@]Mail2Tor[.]com
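The file-naming pattern and ransom note name above are the quickest host-level indicators for responders. The following is an added triage script (not code from the NJCCIC, Bleeping Computer, or the malware author) that classifies a file listing into Zenis-encrypted files, ransom notes, and untouched files, recovering each file's original name from the suffix. It assumes the random characters are alphanumeric, which the profile does not state; the sample paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Naming pattern from the profile: ".Zenis-[two random characters].[twelve random characters]".
# ASSUMPTION: the random characters are alphanumeric; the alphabet is not documented.
ZENIS_SUFFIX = re.compile(
    r"^(?P<original>.+)\.Zenis-(?P<k1>[A-Za-z0-9]{2})\.(?P<k2>[A-Za-z0-9]{12})$"
)
RANSOM_NOTE = "Zenis-Instructions.html"  # dropped in every folder the malware touches


def parse_zenis_name(filename: str):
    """Return (original_name, 2-char token, 12-char token) if the filename
    carries the Zenis suffix, otherwise None."""
    m = ZENIS_SUFFIX.match(filename)
    if not m:
        return None
    return m.group("original"), m.group("k1"), m.group("k2")


def triage(paths):
    """Classify Windows paths into encrypted files, ransom notes and clean files.
    'encrypted' entries are (path, recovered original filename)."""
    result = {"encrypted": [], "notes": [], "clean": []}
    for p in paths:
        name = PureWindowsPath(p).name
        parsed = parse_zenis_name(name)
        if parsed:
            result["encrypted"].append((p, parsed[0]))
        elif name.lower() == RANSOM_NOTE.lower():
            result["notes"].append(p)
        else:
            result["clean"].append(p)
    return result


def affected_directories(paths):
    """Sorted list of directories holding a ransom note or an encrypted file,
    i.e. the folders the malware actually walked."""
    t = triage(paths)
    dirs = {str(PureWindowsPath(p).parent) for p, _ in t["encrypted"]}
    dirs |= {str(PureWindowsPath(p).parent) for p in t["notes"]}
    return sorted(dirs)


# Constructed sample listing (not real victim data); in practice feed it the
# output of a directory walk or a forensic file listing.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.Zenis-Qx.aB3dE9fGh1Jk",
    r"C:\Users\alice\Documents\Zenis-Instructions.html",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Users\alice\Pictures\holiday.jpg.Zenis-7z.0000000000ab",
    r"C:\Users\alice\Pictures\Zenis-Instructions.html",
    r"D:\backup\nightly.bak",
    r"C:\Users\alice\notes.txt.Zenis-toolong.abc",  # wrong token lengths: not Zenis
]

if __name__ == "__main__":
    t = triage(SAMPLE_PATHS)
    for path, original in t["encrypted"]:
        print(f"encrypted: {path}  (original: {original})")
    for path in t["notes"]:
        print(f"ransom note: {path}")
    print("affected directories:", affected_directories(SAMPLE_PATHS))
```

The recovered original names matter because the profile says each file is encrypted with its own AES key: a list of original names plus affected directories is what a responder needs when checking whether a backup copy survived the overwrite-and-delete pass and when scoping the incident before contacting the decryption-tool author.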
Image Source: Bleeping Computer