Another .NET ransomware emerges in June 2017 – Zilla virus
Zilla virus is a Turkish .NET ransomware variant. The virus encodes victims files and then decorates their filenames with .zilla extensions. Following that, the ransomware outputs a short message “Dosyalarınız şifrelendi!” into OkuBeni.txt file, which is a ransom note. The ransomware utilizes Rijndael[1] encryption algorithm, also known as AES. The ransomware seems to be built using pieces of open-source ransomware available online, which shows the inexperience level of its developer. This ransomware is unlikely to be distributed using sophisticated distribution methods; therefore it won’t affect high numbers of computer users. However, if you were infected with this virus, we suggest installing a proper malware removal tool and performing an automatic Zilla removal right away. In our opinion, FortectIntego might be the best tool to use for this task. 
To decrypt .zilla files, please follow instructions given at the end of this article. Although there are no guarantees that your data will be restored, it is definitely worth trying to recover them. If you succeed to decrypt your files, please remember that not all ransomware viruses are that poorly programmed. For example, let’s take a look at Cerber ransomware – so far, no one managed to create a free decryption tool for any version virus yet. Therefore, once you remove Zilla virus, take every possible action to protect your files from similar ransomware attack in the future. We suggest creating several data backups, installing an anti-malware program, and staying away from suspicious websites online.

Distribution of ransomware viruses and ways to avoid infection
If you truly want to protect your computer from ransomware viruses, you must get familiar with their delivery techniques, at least the main ones. Such viruses are known to be distributed via several methods. Below, we provide some of the most popular malware distribution tricks and ways to protect your computer system.
- Remote Desktop Protocol attacks (also known as RDP attacks)[2]. Limit the amount of RDP accounts and set STRONG passwords for them. Make sure you use more than eight characters including upper and lower case letters, digits, and symbols.
- Malicious spam. It is probably the most used ransomware distribution method. Criminals send deceptive email letters filled with logos of legitimate companies only to trick users to open the links or files attached to the emails. Apparently, these attachments hold the malicious file that compromises the system right away. Attackers also use blank messages with one email attachment or suggest opening it by saying that it is an important invoice, note, resume, or subpoena. Never open emails sent by strangers!
- Trojans. Ransomware can be distributed via Trojan horses that remain silent until a specific date. Then they download the malware into the system. Having a good anti-malware software can protect you from such attack.
- Exploit kits. Exploit kits are hosted by malicious websites. To avoid falling victim to this attack technique, keep all of your programs up-to-date.
Remove Zilla ransomware
You can remove Zilla virus effortlessly by installing a decent anti-malware software while in Safe Mode with Networking and running a complete system scan. Attempts to remove the malware manually can result in failure and cause even more problems. Remember that ransomware is no regular program and it doesn’t have its uninstaller. The virus is set to remain on the system without being detected. However, using a good anti-malware software can purify the system completely.
Was this guide helpful?
Be the first to comment