Kill Zorro Ransomware Removal Guide

Do you know what Kill Zorro Ransomware is?

Kill Zorro Ransomware is a newly discovered malware that is part of the Hidden-Tear ransomware family, so there is nothing groundbreaking about it. Nevertheless, it is dangerous because it can encrypt your personal files and demand that you pay a substantial sum of money for the decryption tool. However, you cannot trust cybercriminals to deliver on their promise to send you the decryptor. Therefore, we recommend that you remove this program from your PC. To find out more about this highly malicious application, we recommend that you read this whole article.

First, let us take a look at how this program is distributed and where it comes from. Our malware analysts say that Kill Zorro Ransomware was created by the same people as Angleware Ransomware, Redants Ransomware, CryptoKill Ransomware, and Korean Ransomware. All of them are part of the Hidden-Tear ransomware platform. All Hidden-Tear-based ransomware is written in the .Net framework programming language and all of them share the bulk of the same base code. Kill Zorro Ransomware, in particular, can run on any Windows architecture whether it is 32-bit or 64-bit. However, it prefers 64-bit over the 32-bit. It also uses the .NET 2.0 runtime.

Our cyber security experts say that the developers of Kill Zorro Ransomware probably use email spam to distribute it. Not much information is known about the distribution, methods used to infect computers. However, it is clear that no matter what methods are used, this ransomware can only infect your PC secretly. We think that it is most plausible that this ransomware is sent via email spam much like its counterparts. Our malware researchers say that the developers might have set up a server that automatically sends emails that feature a file attachment that drops this ransomware onto your PC when you open it. The file can be disguised as an invoice or receipt. The emails should feature a file archive that contains this ransomware’s main executable.

If this ransomware were to infect your PC, then it will start encrypting your personal files with the AES-256 encryption algorithm. The algorithm features a 256-bit length key and a 128-bit block size. This encryption algorithm is quite strong, and there is currently no free decryption tool that could decrypt your files free of charge. This ransomware creates a file named “shwdFtY8245PqWQWf.bat" in the Documents folder and hen executes the command "vssadmin.exe Delete Shadows /All /Quiet" via Command Prompt to delete all shadow copies of your files. Also, it is worthy of a note that it disables Task Manager, Windows updates, Registry Editor, and System restore. It also hides the system clock for some bizarre reason.

While encrypting your files, this ransomware is set to append the files with the ".zorro" file extension. It can encrypt hundreds of file formats that include images, videos, documents, and so on. Our researchers say that it was designed to encrypt files located at %LOCALAPPDATA%, %APPDATA%, %USERPROFILE%\Contacts, %USERPROFILE%\Desktop, %USERPROFILE%\Documents, %USERPROFILE%\Downloads. Once the encryption is complete, this ransomware creates a file named passcode.txt in %USERPROFILE%\Desktop\I (hidden folder) that features information such as your computer’s name, your user name, OS version, OS platform, and the user account password. It uploads this information, using FTP using STOR command (file transfer) to the server. After uploading the information, it is set to delete %USERPROFILE%\Desktop\I. Now, that you know all there is to know about this malware, let us move on to its removal.

As you can see, Kill Zorro Ransomware is one malicious piece of software. Its developers want you to pay 1 BTC for the decryption program to get your files back. However, you should refrain from paying the ransom because you might not receive the criminals might not send it to you after you pay. Therefore, you might want to get rid of it, so we suggest using SpyHunter’s free scanner to detect the executable and go to its location and remove it manually because the file can be named randomly and placed in a hidden location. Both methods are effective although you may have trouble locating and identifying the malicious executable file.

Removal Instructions

  1. Visit http://www.spyware-techie.com/download-sph
  2. Download SpyHunter-Installer.exe
  3. Install the program and run it.
  4. Click Scan Computer Now!
  5. Copy the file path of the malware from the scan results.
  6. Press Win+E keys.
  7. Type the file path of the malware in File Explorer’s address box.
  8. Press Enter.
  9. Locate, right-click the malicious files and click Delete.
  10. Empty the Recycle Bin.

In non-techie terms:

Kill Zorro Ransomware was designed to encrypt your personal files using an advanced encryption algorithm for the purpose of extracting your money. However, you cannot trust criminals to keep their word, so we invite you to remove this program. Note that it can infect your PC secretly, most likely via email, so you should also make sure that you computer is safe and secure.