Threat Database Ransomware Zbw Ransomware

Zbw Ransomware

By GoldSparrow in Ransomware

The Zbw Ransomware is a new strain of ransomware that was first spotted in the summer of 2020. There is no clear proof of whether the Zbw Ransomware belongs to any larger family. The Zbw Ransomware encrypts numerous and makes the files inaccessible to the user. Most popular extensions such as .jpg, .doc, .xls are affected by the encryption process. Files that have already been scrambled by the Zbw Ransomware receive the .zbw extension, which also is where the ransomware gets its name. The entire filename is modified, not just the end extension. In this way, a file called "accounts.xls" previously will turn into "accounts.xls.[alphanumeric ID].[].zbw."

Once the encryption is complete, the Zbw Ransomware drops its ransom note in a file called "readme-warning.tx." The two emails the cybercriminals use for contact are and The full content of the ransom note reads:

'::: Greetings :::
Little FAQ:
Q: Whats Happen?
A: Your files have been encrypted and now have the "zbw" extension. The file structure was not damaged, we did everything possible so that this could not happen.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
Q: How to contact with you?
A: You can write us to our mailbox: or
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.'

There is no publicly available decryption tool that can restore files encrypted by the Zbw Ransomware at the moment. Relying on full backups on offline storage and a robust anti-malware suite that can detect threatening activity and stop the ransomware before it can start encrypting files in big quantities remains the two most reliable options to stay safe ransomware damage.


Most Viewed