This ransomware encrypts user data and then requires them to visit the ransomware website to learn how to pay a ransom and get their files back. The ransom note prompts victims to visit a TOR-based payment portal to proceed with the payment in either BTC or XMR coins. The ransomware operators threatens to publish the stolen data on their website. Till now there is no known websites of it. Zeon payloads are Python-based executable packaged via pyInstaller and further obfuscated via pyArmor and it gain persistence using Task Scheduler.
Zeon Ransomware Signatures
Zeon Ransomware Download