Unlock92 Zipper Ransomware DescriptionType: Ransomware
The Unlock92 Zipper Ransomware is a generic file cryptor Trojan that was reported on July 19th, 2018. Samples of the cryptor revealed that it is based on the Unlock92 Ransomware from October 2017. The new version is dubbed Unlock92 Zipper Ransomware based on the act that the malware payload is delivered as a password-protected ZIP file. PC users may be proposed to open the malicious ZIP file and acquire a document with valuable information. However, that is a simple trick to convince the users to run the self-extracting ZIP file and install the Unlock92 Zipper Ransomware Trojan on their system.
The Unlock92 Zipper Ransomware is very similar to the Unlckr Ransomware and the Naampa Ransomware that belong to the same malware family. It is believed that Unlock92 Zipper Ransomware is not controlled by the same team behind the original project. The Unlock92 Zipper Ransomware is programmed to encipher data in a new way, and the researcher Michael Gillespie is confident the new variant can be decrypted. The threat is observed to take files in any given folder and put them in a password-protected ZIP container. The protected container is titled following the model
'Если хотите вернуть ваши файлы отправьте один небольшой архив и файл KEY.VL на e-mail: email@example.com
Если вы не получили ответа в течение суток то скачайте с сайта www[.]torproject[.]com браузер TOR
и с его помощью зайдите на сайт: hxxp://n3r2kuzhw2h7x6j5[.]onion - там будет указан действующий почтовый ящик.
Пароль для архива состоит более чем из 50 символов. На самостоятельный подбор уйдёт не один год.'
Translated into English:
'If you want to restore your files, send one small archive and file KEY.VL to e-mail: firstname.lastname@example.org
If you did not receive an answer within 24 hours then download the TOR browser from www[.]torproject[.]com
and with his help, go to the site: hxxp://n3r2kuzhw2h7x6j5[.]onion - there will be a valid mailbox.
The password for the archive consists of more than 50 characters. An independent attempt at recovery will take more than one year.'
Affected PC users may find the obfuscated decryption key titled 'KEY.VL' under the AppData folder and on the desktop. As mentioned above, you may be able to use help from Michael Gillespie via Twitter and recover your data. It is a bad idea to transfer money to the people behind the Unlock92 Zipper Ransomware. Most users may be comfortable using backup images and system recovery disks to rebuild their data. Infected machines should be cleaned with a reliable anti-malware instrument. Computer security companies mark related objects with the following tags:
Screenshots & Other Imagery
SpyHunter Detects & Remove Unlock92 Zipper Ransomware
File System Details
|#||File Name||MD5||Detection Count|
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.