Ztax (.Ztax) Ransomware Virus [[email protected]]

Safety specialist Tomas Meskauskas was the one who originally detected the Ztax virus, which falls under the Dharma ransomware family. Ransomware of this type encrypts all user’s data on the computer (images, text files, excel tables, music, videos, etc) and adds its extra extension to every file, leaving the manual.txt files in every directory containing encrypted files.

What is Ztax virus?

☝️ Ztax is a Dharma family ransomware infection.

The pattern of renaming is this: .Ztax. During the encryption, a file entitled, for example, “report.docx” will be turned into “report.docx.id-9ECFA84E.[[email protected]].Ztax”.

In each directory containing the encrypted files, a manual.txt text file will appear. It is a ransom money note. Therein you can find information on the ways of contacting the racketeers and some other information. The ransom note usually contains a description of how to purchase the decryption tool from the tamperers. You can get this decoding tool after contacting [email protected], [email protected] via email. That is how they do it.

Ztax Summary:

The manual.txt document coming in package with the Ztax ransomware states the following:

You want to return?

write email [email protected] or [email protected] 

In the screenshot below, you can see what a directory with files encrypted by the Ztax looks like. Each filename has the “.Ztax” extension added to it.

How did Ztax ransomware end up on my PC?

There are plenty of possible ways of ransomware infiltration.

There are currently three most exploited ways for tamperers to have ransomware acting in your digital environment. These are email spam, Trojan injection and peer-to-peer file transfer.

• If you access your mailbox and see letters that look just like notifications from utility services companies, postal agencies like FedEx, web-access providers, and whatnot, but whose addresser is unknown to you, be wary of opening those emails. They are very likely to have a ransomware item attached to them. Therefore, it is even riskier to open any attachments that come with emails like these.
• Another thing the hackers might try is a Trojan virus model. A Trojan is a program that infiltrates into your machine pretending to be something else. For instance, you download an installer of some program you need or an update for some program. However, what is unpacked turns out to be a harmful program that corrupts your data. Since the update package can have any name and any icon, you’d better be sure that you can trust the resource of the files you’re downloading. The optimal way is to trust the software companies’ official websites.
• As for the peer-to-peer networks like BitTorrent or eMule, the danger is that they are even more trust-based than the rest of the Internet. You can never know what you download until you get it. So you’d better be using trustworthy resources. Also, it is a good idea to scan the directory containing the downloaded items with the anti-malware utility as soon as the downloading is complete.

How do I get rid of ransomware?

It is important to inform you that besides encrypting your files, the Ztax virus will most likely install Vidar Stealer on your computer to get access to credentials to different accounts (including cryptocurrency wallets). The mentioned program can extract your credentials from your browser’s auto-filling cardfile.

How do I avoid ransomware attack?

Ztax ransomware has no endless power, neither does any similar malware.

You can armour your computer from its injection taking several easy steps:

• Ignore any letters from unknown mailers with unknown addresses, or with content that has nothing to do with something you are expecting (how can you win in a money prize draw without participating in it?). If the email subject is more or less something you are expecting, scrutinize all elements of the suspicious email with caution. A fake letter will surely contain a mistake.
• Never use cracked or untrusted software. Trojan viruses are often spreaded as a part of cracked software, most likely as a “patch” to prevent the license check. But potentially dangerous programs are difficult to distinguish from trustworthy software, because trojans may also have the functionality you need. Try to find information about this software product on the anti-malware forums, but the optimal way is not to use such software.

Frequently Asked Questions

🤔 Are the “.Ztax” files accessible?

Negative. That is why ransomware is so frustrating. Until you decode the “.Ztax” files you will not be able to access them.

🤔 What should I do to make my files accessible as fast as possible?

If the “.Ztax” files contain some really important information, then you probably have them backed up. If not, there is still a function of System Restore but it needs a Restore Point to be previously saved. There are other ways to beat ransomware, but they take time.

🤔 What actions should I take if the Ztax virus has blocked my PC and I can’t get the activation code.

🤔 What can I do right now?

Some of the encrypted data can be found elsewhere.

• If you exchanged your important files through email, you could still download them from your online mail server.
• You may have shared photographs or videos with your friends or family members. Simply ask them to send those pictures back to you.
• If you have initially got any of your files from the Internet, you can try downloading them again.
• Your messengers, social networks pages, and cloud drives might have all those files too.
• It might be that you still have the needed files on your old computer, a notebook, cellphone, flash memory, etc.

USEFUL TIP: You can use file recovery utilities² to get your lost data back since ransomware blocks the copies of your files, removing the authentic ones. In the tutorial below, you can learn how to recover your files with PhotoRec, but remember: you won’t be able to do it before you remove the virus with an anti-malware program.

1. My files are encrypted by ransomware, what should I do now?
2. Here are Top 10 Data Recovery Software Of 2024.