Threat Database Ransomware ZIG Ransomware

ZIG Ransomware

The ZIG Ransowmare operates as typical ransomware - it aims to infect the targeted system, initiate an encryption routine, and then extort the victim for money in exchange for the restoration of the locked data. Whenever the ZIG Ransomware encrypts a file it changes that file's original name drastically. First, a unique ID assigned to the specific victim will be appended. It will be followed by an email address belonging to the hackers -, in this case. Finally, '.ZIG' will be placed as a new file extension. The next step of ZIG Ransowmare is to deliver its ransom note. It does so by creating text files named 'info.txt' as well as displaying a pop-up window. The ZIG Ransomware is a new, threatening variant belonging to the infamous Dharma Ransomware family.

The text files contain little useful information, simply directing the affected users to send a message to the two provided email addresses - '' and '' The pop-up window contains the proper ransom message but in essence, it reiterates the same sentiment. Users need to establish contact to receive the exact demands of the cybercriminals. It is clarified, however, that the secondary email address should be used in cases where victims do not receive a response within 12 hours after sending a message.

The full text of the note found in the text files is:

'all your data has been locked us
You want to return?
write email or

The pop-up window displays the following message:

Don't worry, you can return all your files!
If you want to restore them, write to the mail: YOUR ID -
If you have not answered by mail within 12 hours, write to us by another

We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Related Posts


Most Viewed