Had a call on Friday regarding a PC or PCs that are infected with Zepto ransomware.
The problem started with one of the tills "going down" and not working as it should so they called
the people who look after the specialized till software who came in remotely to a PC which they
look after and acts as a server for their software. After looking around in one of their system folders
they found an html file called _1_HELP_instructions.html. They must have then opened this which
then displays the standard "all of your files are encrypted" etc. In the folder there are also 3 files with a
zepto extension which may just be Word documents and may not affect how the program works.
They then said that this is why it wasn't working properly and this type of infection is probably caused by an email. The PC in question isn't used for anything else apart from running this software and linking to the tills. There is no email account on it.
In the same room there is another PC that does use email. This is by the look of it also affected with the Zepto as all the Word documents have the html file and the .zepto extension.
It is obviously infected but this PC has Norton 360 Premier on it, so if the user had opened an infected email wouldn't this have stopped it?
I called in yesterday to have a look and have run a full Norton scan and also Malwarebytes but
it comes back clean.
I have also looked at the Norton logs on the day in question - I was told the problem started around 11am on the 15th of July but there doesn't appear to be any infections for that day.
I suspect that this PC has infected the other; that is at least what the software people are suggesting.
Would it be possible to spread in this way?
Any thoughts or suggestions would be welcome.
ASKER
Obviously the damage has been done but if no infections are found is it safe to say the
PCs are clean?
Thanks