Microsoft released an alert about a new ransomware strain called ZCryptor, which works like a worm and spreads via removable and network drives.
The MalwareForMe blog reported this first on May 24. Three days later, Redmond's security team decided to alert people about this threat. Because the ransomware adds the .zcrypt file extension to locked files, some security researchers also call "zCrypt".
“We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior,” Microsoft's Malware Protection Center alert stated. “This ransom leverages removable and network drives to propagate itself and affect more users.” A subsequent analysis by Trend Micro confirmed Microsoft's findings, categorizing the threat as a "worm," with self-propagation features.