ZIG Ransomware

The ZIG Ransomware operates as typical ransomware: it aims to infect the targeted system, initiate an encryption routine, and then extort the victim for money in exchange for restoring the locked data. Whenever the ZIG Ransomware encrypts a file, it changes that file's original name drastically. First, a unique ID assigned to the specific victim is appended. It is followed by an email address belonging to the hackers, honestly@tutanota.com in this case. Finally, '.ZIG' is placed as a new file extension. The next step of the ZIG Ransomware is to deliver its ransom note. It does so by creating text files named 'info.txt' as well as displaying a pop-up window. The ZIG Ransomware is a new, threatening variant belonging to the infamous Dharma Ransomware family.

The text files contain little useful information, simply directing the affected users to send a message to the two provided email addresses, 'honestly@tutanota.com' and 'honestly@onionmail.org.' The pop-up window contains the proper ransom message but, in essence, it reiterates the same sentiment. Users need to establish contact to receive the exact demands of the cybercriminals. It is clarified, however, that the secondary email address should be used in cases where victims do not receive a response within 12 hours after sending a message.

The full text of the note found in the text files is:

'all your data has been locked us
You want to return?
write email honestly@tutanota.com or honestly@onionmail.org'

The pop-up window displays the following message:

'YOUR FILES ARE ENCRYPTED
honestly
Don't worry, you can return all your files!
If you want to restore them, write to the mail: honestly@tutanota.com YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:honestly@onionmail.org

ATTENTION!
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
'
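
A triage sketch for the indicators described above, added here as an example and not code from the original page: it flags renamed files and 'info.txt' notes in a file listing. The `.id-<ID>.[<email>].ZIG` layout is an assumption based on the usual Dharma-family naming (the page gives only the order of the parts), and the function names, sample paths and sample ID are constructed.

```python
import re
from pathlib import PureWindowsPath

# Contact addresses taken from the page.
CONTACTS = ("honestly@tutanota.com", "honestly@onionmail.org")
# Assumption (usual Dharma-family layout; the page gives only the order of parts):
#   <original name>.id-<ID>.[<email>].ZIG
RENAMED = re.compile(r"^(?P<orig>.+?)\.id-(?P<id>[^.]+)\.\[(?P<mail>[^\]]+)\]\.ZIG$", re.I)

def classify_name(path):
    """Return (verdict, original_name, victim_id) for one file path."""
    base = PureWindowsPath(path).name
    low = base.lower()
    m = RENAMED.match(base)
    if m and m.group("mail").lower() in CONTACTS:
        return ("renamed", m.group("orig"), m.group("id"))
    if low.endswith(".zig") and any(c in low for c in CONTACTS):
        return ("renamed-unknown-layout", None, None)
    if low.endswith(".zig"):
        # Weak signal on its own: .zig is also the Zig language's source extension.
        return ("extension-only", None, None)
    return ("clean", None, None)

def is_ransom_note(path, text):
    """True for an info.txt whose body names one of the contact addresses."""
    name_ok = PureWindowsPath(path).name.lower() == "info.txt"
    return name_ok and any(c in text.lower() for c in CONTACTS)

def triage(listing):
    """listing: iterable of (path, text or None). Summarise the hits."""
    out = {"renamed": [], "review": [], "notes": [], "victim_ids": set()}
    for path, text in listing:
        verdict, orig, vid = classify_name(path)
        if verdict == "renamed":
            out["renamed"].append((path, orig))
            out["victim_ids"].add(vid)
        elif verdict != "clean":
            out["review"].append((path, verdict))
        elif text is not None and is_ransom_note(path, text):
            out["notes"].append(path)
    return out

# Constructed sample listing (paths and the ID are made up for illustration).
SAMPLE = [
    (r"C:\Users\a\Docs\report.docx.id-1E857D00.[honestly@tutanota.com].ZIG", None),
    (r"C:\src\build.zig", None),
    (r"C:\Users\a\Desktop\info.txt", "write email honestly@tutanota.com or honestly@onionmail.org"),
    (r"C:\Users\a\notes\info.txt", "shopping list"),
]
```

Calling `triage(SAMPLE)` returns the confirmed renames with their recovered original names, the set of victim IDs seen, the note paths, and a separate review list for bare `.zig` files that may be ordinary source code.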