Zenis Ransomware

What is Zenis Ransomware?

Zenis Ransomware is a new threat that takes your important files hostage and extorts money from you for the decryptor and the private key. This infection is new in two ways. First, it surfaced only a week or two ago and has so far infected only a few victims. Second, our malware experts at anti-spyware-101.com found no resemblance to previous ransomware families. Nevertheless, you should take this malware seriously, because you can easily lose all your precious files in this attack. There may be good news, though: malware researchers appear to have found a weakness in this infection and managed to decrypt it, so a free decryption tool may turn up on the web. We do not advise you to look for it or apply it yourself unless you are an advanced user, since a tool from the wrong source can do further damage. In any case, we do not recommend that you go along with the demands and pay the ransom, because there is no guarantee that you will get what you pay for. We advise you to remove Zenis Ransomware from your PC immediately.

Where does Zenis Ransomware come from?

There are basically two ways for this ransomware to show up on your computer without your noticing. First and foremost, it is quite likely that you infected your PC by opening a spam e-mail and clicking to view its attachment. You may be thinking that you would never open such a spam message and check out its attachment on purpose. The truth is that this spam can be rather misleading and convincing. When you find it in your inbox or spam folder, you may feel right away that you need to see what it is about.

This spam may claim, for example, that you gave the wrong credit card details while shopping or booking online, or that you have not settled an invoice. In any case, the e-mail wants you to believe that it is a must-see, and it can use any subject that could relate to most people. Even if you do not think it relates to you, you may not consider it dangerous and open it just to prove to yourself that it has nothing to do with you. Keep in mind, however, that deleting Zenis Ransomware afterwards does not undo the damage: once the attachment has run, you may already have lost all your important files. Remember that before opening any suspicious or questionable mail in the future.

Another way this dangerous infection may infiltrate your system is via unsecured or weakly configured remote desktop services. If you have such software enabled on your PC, make sure it is configured properly and safely: use strong, unique passwords, and do not expose the service directly to the Internet if you can avoid it. Otherwise, cyber crooks can break into your system by guessing or brute-forcing the credentials and install this ransomware without your noticing. By the time you realize what has happened, it will be too late to remove Zenis Ransomware before it has done its damage.

How does Zenis Ransomware work?

Before this ransomware program starts its malicious activity on your system, it checks whether its own executable is named "iis_agent32.exe" and whether the "HKCU\SOFTWARE\ZenisService" registry key exists. If these conditions are met, it starts the encryption process. It uses the AES algorithm to encrypt a wide range of file types and extensions to hit you hard, so in this attack you may lose your photos, videos, documents, archives, and databases. The infection renames encrypted files in the format Zenis-[2 random chars].[12 random chars], so your files should look something like "Zenis-A5.A8SDFGA5S3SD".

After the encryption, it targets files with the following backup extensions and deletes them: .win, .wbb, .w01, .v2i, .trn, .tibkp, .sqb, .rbk, .qic, .old, .obk, .ful, .bup, .bkup, .bkp, .bkf, .bff, .bak, .bak2, .bak3, .edb, and .stm. It also disables your Task Manager, Registry Editor, and other main system tools, which makes it more difficult, though not impossible, to remove Zenis Ransomware. This threat drops its ransom note, "Zenis-Instructions.html", in every affected folder.

This note informs you that your files have been encrypted and that you have to send an e-mail to both "TheZenis@Tutanota.com" and "TheZenis@MailFence.com", attaching the "Zenis-Instructions.html" file as well as one small file to be decrypted for free. If there is no reply within 6 hours, you are told to send your request again to TheZenis@Protonmail.com and TheZenis@Mail2Tor.com (on the Tor network). You are then supposed to get your test file back and, if you are satisfied, send another e-mail; only then will you receive the payment instructions, including the price of the decryptor and private key combo. We do not advise you to go along with this; instead, remove Zenis Ransomware as soon as possible.
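The indicators described above (the renamed-file pattern, the ransom note, the "iis_agent32.exe" file name, the "HKCU\SOFTWARE\ZenisService" key and the list of backup extensions) can be turned into a small triage script. The following is an added example written for this page, not code from the ransomware or from anti-spyware-101.com; the directory listing it checks is constructed here for illustration, and the assumption that the random characters in the new file names are alphanumeric is ours.

```python
import re
from collections import defaultdict

# Rename pattern quoted in the write-up: Zenis-<2 chars>.<12 chars>
# (assumption: the random characters are alphanumeric)
ZENIS_NAME_RE = re.compile(r"^Zenis-[A-Za-z0-9]{2}\.[A-Za-z0-9]{12}$")
RANSOM_NOTE = "Zenis-Instructions.html"
DROPPER_NAME = "iis_agent32.exe"
REGISTRY_KEY = r"HKCU\SOFTWARE\ZenisService"

# Backup extensions the write-up says Zenis deletes after encrypting
BACKUP_EXTENSIONS = {
    ".win", ".wbb", ".w01", ".v2i", ".trn", ".tibkp", ".sqb", ".rbk",
    ".qic", ".old", ".obk", ".ful", ".bup", ".bkup", ".bkp", ".bkf",
    ".bff", ".bak", ".bak2", ".bak3", ".edb", ".stm",
}


def classify_path(path):
    """Label one path with the Zenis indicator it matches, or None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    lowered = name.lower()
    if lowered == RANSOM_NOTE.lower():
        return "ransom_note"
    if lowered == DROPPER_NAME.lower():
        return "dropper_name"
    if ZENIS_NAME_RE.match(name):
        return "encrypted_file"
    # Files that are still intact but sit on the deletion list
    ext = lowered[lowered.rfind("."):] if "." in lowered else ""
    if ext in BACKUP_EXTENSIONS:
        return "backup_at_risk"
    return None


def triage(paths, registry_keys=()):
    """Group paths by indicator; also flag the persistence registry key."""
    hits = defaultdict(list)
    for path in paths:
        label = classify_path(path)
        if label:
            hits[label].append(path)
    if any(key.lower() == REGISTRY_KEY.lower() for key in registry_keys):
        hits["registry_marker"].append(REGISTRY_KEY)
    return dict(hits)


def is_infected(hits):
    """Encrypted files, a ransom note or the registry key are enough to call it."""
    return bool(hits.get("encrypted_file")
                or hits.get("ransom_note")
                or hits.get("registry_marker"))


# Constructed directory listing for the demonstration (not real victim data)
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\Zenis-A5.A8SDFGA5S3SD",
    r"C:\Users\alice\Documents\Zenis-Instructions.html",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Pictures\Zenis-Q9.Zz1Zz1Zz1Zz1",
    r"C:\Users\alice\Downloads\iis_agent32.exe",
    r"D:\Backups\payroll.bak",
    r"D:\Backups\mail.edb",
    r"C:\Windows\System32\notepad.exe",
]
SAMPLE_REGISTRY = [r"HKCU\SOFTWARE\ZenisService"]

if __name__ == "__main__":
    result = triage(SAMPLE_LISTING, SAMPLE_REGISTRY)
    for label, items in sorted(result.items()):
        print(f"{label}: {len(items)}")
        for item in items:
            print(f"  {item}")
    print("infected:", is_infected(result))
```

On a live machine you would feed `triage` the output of a recursive directory walk and the keys read from the current user's hive; the "backup_at_risk" bucket is useful before the deletion stage has run, because those are the files to copy off the system first.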

How do I delete Zenis Ransomware?

Since this ransomware infection may disable main system tools, it is best to restart your computer in Safe Mode. After you log in to your Windows account, you can delete the related files and registry entries to eliminate this threat. Please follow our instructions below if you would like to take care of this infection manually. Once you are done with the threat, if you are not an advanced user, you can ask an IT-savvy friend to help you find the free decryptor and apply it to your encrypted files. We also suggest that you protect your PC with a reliable malware removal application like SpyHunter to save yourself from future nightmares like this one.

Restart your computer in Safe Mode

Windows XP/Windows Vista/Windows 7

  1. Restart your computer and keep tapping the F8 key to display the boot menu.
  2. Choose Safe Mode using your arrow keys and press Enter.

Windows 8/Windows 8.1/Windows 10

  1. Open the Start screen (Metro UI) and click the Power icon.
  2. Press and hold the Shift key while you click the Restart option.
  3. Choose Troubleshoot, then Advanced options.
  4. Navigate to Startup Settings and click Restart.
  5. Press the F4 key to restart in Safe Mode.

Remove Zenis Ransomware from Windows

  1. Press Win+R and type regedit. Click OK.
  2. If found, delete these registry entries:
    HKCU\SOFTWARE\ZenisService
    HKCU\SOFTWARE\Wow6432Node\ZenisService
  3. Exit the editor.
  4. Press Win+E.
  5. Locate and delete all recently downloaded suspicious executable files (e.g., iis_agent32.exe).
  6. Delete the ransom note files ("Zenis-Instructions.html") from all affected folders.
  7. Empty your Recycle Bin.
  8. Restart your computer in Normal Mode.