Unlock92 Zipper Ransomware

Unlock92 Zipper Ransomware Description

Type: Ransomware

The Unlock92 Zipper Ransomware is a generic file cryptor Trojan that was reported on July 19th, 2018. Samples of the cryptor revealed that it is based on the Unlock92 Ransomware from October 2017. The new version is dubbed Unlock92 Zipper Ransomware based on the fact that the malware payload is delivered as a password-protected ZIP file. PC users may be invited to open the malicious ZIP file to obtain a document with valuable information. However, that is a simple trick to convince users to run the self-extracting ZIP file and install the Unlock92 Zipper Ransomware Trojan on their system.

The Unlock92 Zipper Ransomware is very similar to the Unlckr Ransomware and the Naampa Ransomware that belong to the same malware family. It is believed that Unlock92 Zipper Ransomware is not controlled by the same team behind the original project. The Unlock92 Zipper Ransomware is programmed to encipher data in a new way, and the researcher Michael Gillespie is confident the new variant can be decrypted. The threat is observed to take files in any given folder and put them in a password-protected ZIP container. The protected container is titled following the model -.zip. The ransom note is presented as a simple text file with a random name that can be found on the desktop. The Unlock92 Zipper Ransomware is aimed primarily at Russian-speaking users, and the ransom message features the following text:

'Если хотите вернуть ваши файлы отправьте один небольшой архив и файл KEY.VL на e-mail: un92@protonmail.com
Если вы не получили ответа в течение суток то скачайте с сайта www[.]torproject[.]com браузер TOR
и с его помощью зайдите на сайт: hxxp://n3r2kuzhw2h7x6j5[.]onion - там будет указан действующий почтовый ящик.
Пароль для архива состоит более чем из 50 символов. На самостоятельный подбор уйдёт не один год.'

Translated into English:

'If you want to get your files back, send one small archive and the KEY.VL file to e-mail: un92@protonmail.com
If you do not receive an answer within 24 hours, download the TOR browser from www[.]torproject[.]com
and use it to visit the site: hxxp://n3r2kuzhw2h7x6j5[.]onion - a working mailbox will be listed there.
The password for the archive consists of more than 50 characters. Guessing it on your own would take more than one year.'

Affected PC users may find the obfuscated decryption key, titled 'KEY.VL', under the AppData folder and on the desktop. As mentioned above, you may be able to get help from Michael Gillespie via Twitter and recover your data. It is a bad idea to transfer money to the people behind the Unlock92 Zipper Ransomware. Most users may be comfortable using backup images and system recovery disks to rebuild their data. Infected machines should be cleaned with a reliable anti-malware tool. Computer security companies mark related objects with the following tags:


Technical Information

File System Details

Unlock92 Zipper Ransomware creates the following file(s):

#   File Name   MD5                                Detection Count
1   file.exe    c9929a0ec2d9016b98dacbae20ff9431   1
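
The artifacts described in this article (the 'KEY.VL' key file and the password-protected ZIP containers that replace a folder's files) can be inventoried before cleanup so they are preserved for a later decryption attempt. The following triage script is an added example, not code from the original article or from any vendor tool; the function names and the sample tree built by `make_constructed_sample` are assumptions made for illustration.

```python
import os
import sys
import zipfile
from pathlib import Path

KEY_FILE_NAME = "KEY.VL"  # key file name given in the article

def zip_is_password_protected(path):
    """True when every file entry has the ZIP encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(path) as zf:
            entries = [e for e in zf.infolist() if not e.is_dir()]
    except (zipfile.BadZipFile, OSError):
        return False  # unreadable or not a ZIP: not counted as a container
    return bool(entries) and all(e.flag_bits & 0x1 for e in entries)

def triage(root):
    """Walk root; list key files and password-protected ZIP containers."""
    found = {"key_files": [], "locked_archives": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if name.upper() == KEY_FILE_NAME:
                found["key_files"].append(full)
            elif name.lower().endswith(".zip") and zip_is_password_protected(full):
                found["locked_archives"].append(full)
    return found

def make_constructed_sample(root):
    """Build a constructed test tree: a key file, a flagged ZIP, a normal ZIP."""
    os.makedirs(os.path.join(root, "Desktop"))
    os.makedirs(os.path.join(root, "Documents"))
    Path(root, "Desktop", "KEY.VL").write_bytes(b"constructed placeholder, not a real key")
    for name in ("locked.zip", "normal.zip"):
        with zipfile.ZipFile(os.path.join(root, "Documents", name), "w") as zf:
            zf.writestr("report.txt", "constructed sample data")
    # zipfile cannot write encrypted archives, so set the encryption flag by
    # hand in the local header (offset 6) and central directory (offset 8).
    locked = Path(root, "Documents", "locked.zip")
    data = bytearray(locked.read_bytes())
    data[data.find(b"PK\x03\x04") + 6] |= 0x1
    data[data.find(b"PK\x01\x02") + 8] |= 0x1
    locked.write_bytes(data)

if __name__ == "__main__":
    for kind, paths in triage(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for p in paths:
            print(f"{kind}\t{p}")
```

Any password-protected ZIP matches, including ones the user created, so the output is a list to review and copy off the machine, not a verdict.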