Zeoticus 2.0 Making Infections Harder to Control, Contain, and Mitigate
Discovered in early 2020, the Zeoticus ransomware has moved into 2021 with new upgrades focused on speed and efficiency. SentinelOne researchers released a detailed report and technical analysis of the latest version - Zeoticus 2.0.
Diving into details
- The latest version of the ransomware is more versatile and effective and can execute payloads without connectivity or remote commands.
- The developers have employed a combination of rapid encryption algorithms for asymmetric and symmetric sides.
- Moreover, they have added the ability to discover and infect remote drives and terminate processes that could hamper encryption.
Zeoticus operators specifically avoid functioning in some regions such as Russia, Belarus, and Kyrgyzstan to possibly avoid any backlash from regional government and law enforcement agencies.
Zeoticus 1.0 vs Zeoticus 2.0
The previous variant of Zeoticus malware, which first appeared in early 2020, has some contrasting similarities and differences with the recent version.
- It is worth noting that Zeoticus 1.0 used to alter the desktop wallpaper while presenting the ransom instructions; however, Zeoticus 2.0 mounts a new volume containing a ransom note in parallel with the encryption of the host’s data.
- Both Zeoticus versions v1.0 and v2.0 create the registry run key to achieve persistence with the registry entry set to launch an instance of the Zeoticus payload from C:\Windows.
The bottom line
In an extremely short time span, Zeoticus has been able to make its own place in the cybercrime world. The upgraded version is even capable of superseding its predecessor with C2-free execution, compatibility with all Windows versions, and supercharged encryption algorithms, which makes it immensely difficult for researchers to control, contain, and mitigate it.