Cyber Security Center

What is Zfdv ransomware


Zfdv ransomware is a generic ransomware infection that belongs to the notorious Djvu/STOP ransomware family. The cybercriminals operating this ransomware have been releasing new versions like Zfdv ransomware for a couple of years now, with at least a couple of releases every week. This ransomware encrypts personal files and adds .zfdv to them. It also drops a _readme.txt ransom note that explains how victims can get a decryptor. It involves paying close to $1000 in ransom. But paying also comes with its own risks. If you have a backup, you will be able to recover your files without trouble, though you first need to make sure to remove Zfdv ransomware from the computer.

 

Zfdv ransomware

 

Zfdv ransomware is a very dangerous piece of malware. It will encrypt your personal files, including photos, videos, documents, etc., and essentially take them hostage. You will be able to recognize which files have been affected by the extensions added to them. This ransomware adds .zfdv, so an encrypted text.txt file would become text.txt.zfdv. The ransomware will also drop a _readme.txt ransom note in folders that have encrypted files. The note, as displayed above, explains how victims can acquire their decryptors. According to the note, it costs $980, though there’s supposedly a 50% discount for victims who contact malware operators within 72 hours.

If you do not have a backup, paying the ransom may seem like a good option. However, it comes with many risks. Most importantly, there are no guarantees that you will actually get the decryptor. While ransomware operators like to pretend they’re operating as legitimate a business, they are not trustworthy. There are no guarantees that they’ll actually send you the decryptor after you pay. Many past ransomware victims have not only lost their files but their money as well. But the decision is yours.

If you have a backup, you can start recovering your files as soon as you remove Zfdv ransomware from your computer. Make sure to use anti-malware software. Unless you know exactly what to do, you could accidentally cause more damage with manual Zfdv ransomware removal. If you do not have copies of your files saved anywhere, back up the encrypted files and wait for a free Zfdv ransomware decryptor to be released. Whether one will actually be released is not certain but that is your only option at the moment.

What you can do to avoid infecting your computer with ransomware

  • Do not open unsolicited email attachments without double-checking them first.

Email attachments are one of the most common ways malware is distributed. It’s enough for users to open the attachments for the malware to be able to initiate. Emails that carry malware are often quite easy to recognize as long as you know what to look for. Senders usually claim to be from legitimate companies and pressure users to open the attachments by claiming they’re important documents that need to be urgently reviewed. But the emails are usually full of grammar/spelling mistakes, which immediately give them away. Another sign that something’s not right is when senders who should know your name address you as Dear User/Member/Customer, etc. Emails whose attachments you should open will always address you by name.

Some malicious email campaigns are much more sophisticated. We recommend that you always scan unsolicited email attachments with anti-virus software or VirusTotal before opening them.

  • Do not pirate copyrighted content using torrents.

It’s a known fact that those using torrents are much more likely to infect their computers with malware. Torrent sites are often quite poorly regulated, and this allows malicious actors to upload torrents with malicious content in them. They can stay up for a long time, which could result in many malware victims. It’s especially common to find malware in torrents for movies, TV series, software, and video games. Not only is pirating essentially stealing content, but it’s also dangerous for the computer and your data.

  • Do not download software from questionable websites.

Third-party download websites are not always safe so you need to be very careful when downloading anything from them. If possible, choose legitimate, official websites for your downloads.

  • Install updates.

Keeping your OS and software up to date is very important. When vulnerabilities are discovered, they are patched with updates. Vulnerabilities can be used by malware to enter devices, and if you do not install updates, you’re essentially inviting malware in. If possible, enable automatic updates so they are installed as they come out.

  • Have anti-virus software.

Many anti-virus programs now have anti-ransomware features. Not only can such programs stop you from initiating a malicious file, but they can also block ransomware from making changes to your files. Consider having anti-virus software enabled at all times, and when doing your research, make sure your program of choice has an anti-ransomware feature.

Zfdv ransomware removal

Unless you want to cause additional damage to your computer, do not try to remove Zfdv ransomware manually. These kinds of infections are very complex and require professional removal. Use a reliable anti-virus program for Zfdv ransomware removal. If you have a backup, you can access it to start recovering files as soon as you fully delete Zfdv ransomware from the computer. Keep in mind that if the ransomware is still present when you connect to your backup, backed-up files would become encrypted as well.

If you do not have a backup, your only option is to wait for a free Zfdv ransomware decryptor to be released. You can try Emsisoft’s STOP Djvu decryptor but we doubt it will work. For this decryptor to work, Emsisoft would have to have your encryption key. And if the key is unique to you, they certainly would not have it. Back up your encrypted files and wait for free Zfdv ransomware to be released. However, you need to be very careful when looking for free decryptors because there are many fake ones. NoMoreRansom is a great site to check for decryptors.

Zfdv detections

Zfdv ransomware is detected as:

  • Win32:Malware-gen by Avast/AVG
  • Ransom:Win32/StopCrypt.PBR!MTB by Microsoft
  • Packed.Generic.525 by Symantec
  • TROJ_GEN.R06CC0PES22 by TrendMicro
  • Trojan.MalPack.GS by Malwarebytes
  • HEUR:Trojan.Win32.Scarsi.gen by Kaspersky
  • Gen:Variant.Mikey.137949 (B) by Emsisoft
  • Gen:Variant.Mikey.137949 by BitDefender