Endpoint Protection

Hi, one of my laptop is attacked by virus ZEPTO and all the excel files already became as Zepto format. Does Symantec anti-virus able to clear for this virus from my laptop ? Kindly advise for it.

Best regards,

Ngo

The only way is to re-image the machine or restore from a good working backup.

https://www.symantec.com/connect/forums/zepto-encrypts-excels-sep-did-not-detect

Hi Secom-MY,

Ufortunately you have been hit by one of today's most aggressive cryptolockers.  A similar thread: https://www.symantec.com/connect/forums/had-zepto-and-now-some-questions

The only thing to do is to delete the sabotaged documents, restore them from a known-good backup, and prepare your organization for the next such atatck. 

This article will help prevent the delivery of future cryptolocker downloaders:

Support Perspective: W97M.Downloader Battle Plan
https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan

A new white paper:

Special Report: Ransomware and Businesses 2016
https://www.symantec.com/connect/blogs/report-organizations-must-respond-increasing-threat-ransomware

A good article:

Ransomware protection and removal with Symantec Endpoint Protection
http://www.symantec.com/docs/HOWTO124710

Please do add any extra questions to this thread, or mark it solved if you have received your answer.

With thanks and best regards,

Mick

Hi Secom-MY,

Just a ping to see if you have any additional queries?  The thread is still marked "needs solution."

With thanks and best regards,

Mick

Hi Mick,

Does Symantec anti-virus able to clear and catch for this ransomware - Zepto virus ?

Best regards,

Secom-MY

Hi Secom-NY,

It can capture *known* cryptolockers in the 'wild' and because of the narture of the cryptolockers virus, it often change its signature to avoid being caught by the AV software. The best method to prevent this from spreading again is to educate users not to open any unknown attachment/files and their files will be protected.

However once the files are 'infected' (encryption with a secret key), all AV software cannot undo it. That's why a good backup is a must so you can restore the files yourself without paying them to unencrypt your files.

Paying them will only encourage them to spread this even further.

Tony is correct.  Do not pay the ransom!

Here are some things you can do in addition to relying upon AV definitions:

Hardening Your Environment Against Ransomware
https://www.symantec.com/connect/articles/hardening-your-environment-against-ransomware

If you have the shadow copy feature enabled you could hopefully use ShadowCopyView or ShadowExplorer to recover any of the files.

Good suggestion, however sadly many cryptolockers virus often disable it and delete the whole shadow files. :(

At Remove Zepto ransowmare (.zepto Files Encrypted Malware) I found the below so giving it a try won't hurt.

Option 1: Restore your files encrypted by Zepto ransomware with ShadowExplorer

Zepto will attempt to delete all shadow copies when you first start any executable on your computer after becoming infected. Thankfully, the infection is not always able to remove the shadow copies, so you should continue to try restoring your files using this method.