Zenis ransomware – crypto-virus which asks its victims to play the game

Zenis ransomware analysis has already revealed that it is a dangerous crypto-virus[1] which relies on an advanced AES encryption algorithm used to corrupt MS Office documents, PDF files, text files, photos, videos, image files, archives, and other personal victim's files. Each file encrypted by this ransomware virus receives “Zenis-[2 random characters].[12 random characters]” file extension. Following data encryption, it generates a ransom note called Zenis-Instructions.html and drops Zenis Decryptor.exe file on the desktop.
| Name | Zenis |
|---|---|
| Type | Ransomware |
| Sub-type | Crypto-malware |
| Detection date | March 2018 |
| Danger level | High. Can cause permanent loss of personal files |
| Symptoms | All data encrypted with Zenis- <2_chars> template. file extension, ransom note on the desktop |
| Associated files | Zenis Decryptor.exe, Zenis.exe, Zenis-Instructions.html |
| Related email address | TheZenis@Tutanota.com, TheZenis@MailFence.com, TheZenis@Protonmail.com and TheZenis@Mail2Tor.com |
According to ransomware researchers, virus exhibits low degree of prevalence. However, it has already been found to remove backup files, even if the victim is convinced to make a payment.[2]
Observing the symptoms triggered by Zenis ransomware, it looks like that virus gets into target computers via unprotected RDP configuration and spam. Once the ransomware payload is being executed, the virus runs multiple scripts via Command Prompt Admin environment to block anti-virus programs and hack legitimate system’s processes to evade detection and removal.
However, the main task of this crypt-ransomware is to render personal files on the hijacked computer useless. The file extension unprecedented and seems to be a tough nut to crack. Each file gets the Zenis file extension and becomes useless. Upon successful file encryption, the ransomware creates a ransom note in the form of a .txt file. It informs the victim about the type of the virus and provides detailed instructions on how to use Zenis ransomware decryptor.
The user of the affected PC is asked to contact the ransomware developers via a given email address and send them an encrypted file which does not exceed 2 MB. They promise to unlock the file for free to prove that they store a private decryption key. Additionally, crooks inform their victim that the ransom should be paid in Bitcoins via the Bitcoin wallet via anonymous TOR web browser.[3]
*** All your files has been encrypted ***
I am ZENIS. A mischievous boy who loves cryptography, hardware and programming. My world is full of unanswered questions and puzzles half and half, and I'm coming to discover a new world.
A world in digital space that you are supposed to play the role of my toys.
If you want to win in this game, you have to listen carefully to my instructions, otherwise you will be caught up in a one-step game and you will become the mam loser of the story.
My instructions are simple and clear. Then follow these steps:
1. Send this file (Zenis-Instructions.html) to my email with one your encrypted file less than 2 MB to trust to the game.
2. I decrypt your file for free and send for you.
3. If you confirm the correctness of the files, verify that the files are correct via email
4. Then receive the price of decrypting files
5. After you have deposited, please send me the payment details
6. After i confirm deposit, i send you the “Zenis Decryptor” along with “Private Key” to recovery all your files.
Now you can finish the game. You won the game, congratulations.
Please submit your request to both emails:
{..}
A free decryptor is not available. Cybercrooks warn the victim that the usage of third-party decryptors may lead to permanent data loss. It’s not clear whether such menaces are true or not. However, it’s not clear if the decryptor purchased from crooks will unlock your files as well.
To protect your PC from further damage and get the chance unlock files using backups, you have to remove Zenis ransomware from the system. For this purpose, you should run a scan with a reputable security tool with updated virus definitions. Our top pick for Zenis ransomware removal is FortectIntego. Please, update the software before a scan.
If the ransomware is blocking your attempt to run anti-virus, try rebooting the system to Safe Mode with networking or try System Restore function. The instructions on how to use any of these options are provided in the end of this article.

Crypto-malware payloads can be disguised under malicious spam email attachments
The behavior, design, payment site, and accessibility of digital currency are not distinctive from other crypto-malware. Distribution technique as well. Cybersecurity researchers from Virukset.no[4] claim that to protect the system from this ransomware attack is to bypass suspicious emails.
Email messages from pretend-to-be legitimate authorities or trusted companies like Amazon, Windows, IRS, etc. that contains attachments in formats, like .docx, .doc, .pdf, .jpg, etc.) might be infected. A serious warning sign of ransomware attack when opening email attachments are the requirement to enable Macros.
Apart from spam emails, users can download malware via JavaScript infected websites, fake software updates or malicious apps distributed on illegal websites.
A guide on how to remove Zenis ransomware
Zenis ransomware removal is the only option that you have to clean up the system from malicious files and processes. However, virus removal will not help to recover your files. Nevertheless, you will be able to encrypt files using third-party software, backups or other methods listed below.
Before initiating data recovery, make sure you remove Zenis ransomware with each of its files. Otherwise, personal data will soon be locked again. There’s no way to remove this crypto-malware manually, so don’t waste your time. Launch your anti-virus and try to restore files using the following instructions.
Was this guide helpful?
Be the first to comment