Zepto ransomware is a relatively new player in the ransomware scene, and it’s closely related to the infamous Locky ransomware. Taking a closer look at Zepto’s code, we found that the code is pretty much the same as Locky’s code, but it has been slightly modified. The malware authors behind Zepto use the same methods used to spread Locky, and even the infection vector and the TOR payment page are the same, which makes us think that the people behind Locky are now spreading Zepto. The only difference between Locky and Zepto is the ransom demand. Zepto’s demand is much higher than Locky’s, 3 Bicoins (approximately $1,850).
One of the interesting things is the use of a priority file list to determine the order of file encryption according to the type of file. Each file has a weight ranging from 7 to -1. 7 being the highest priority. "*.doc" and "*.odt" have a weight of 5. "wallet.dat" has a weight of 7. "*.3ds" and "*.max" have a weight of 4...
Complete analysis: https://blog.avast.com/zepto-ransomware-now-introduces-new-features-to-better-encrypt-your-files