Zimba Ransomware

Zimba Ransomware Description

The Zimba Ransomware is classified as belonging to the infamous Dharma Ransomware malware family. The threat itself shows little meaningful modification when compared to the rest of the Dharma Ransomware variants. The two aspects that distinguish it the most are the hackers' email addresses and the specific extension used for the encrypted files.

When the Zimba Ransomware manages to sneak itself onto the targeted computer, it engages its encryption process and proceeds to lock a wide range of file types. Users will find that they can no longer access their MS Office documents, pictures, videos, PDFs, databases, etc. If the compromised computer held work-related projects, the consequences of the Zimba Ransomware attack could get even more severe.

Every file affected by the threat will have its original file name modified significantly. The Zimba Ransomware appends a unique ID for the victim, followed by an email address belonging to the hackers, and finally '.zimba' as a new extension. The email address used in the file names is 'backup@zimbabwe.su'. As a typical Dharma Ransomware variant, Zimba also delivers its ransom note in two forms: as text files named 'FILES ENCRYPTED.txt' that are dropped in every folder containing encrypted data, and in a pop-up window displayed to the user.
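The naming scheme and note file described above can be used to scope an infection during incident response. The following triage script is an added example, not part of the original write-up; the exact delimiters (`.id-<ID>.[email].zimba`) are an assumption based on the usual Dharma layout, and the sample ID and file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumed layout, following the usual Dharma convention (the page gives only
# the order of the parts): <original name>.id-<ID>.[<email>].zimba
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z]+)"
    r"\.\[(?P<email>[^\]]+)\]\.zimba$", re.IGNORECASE)
NOTE_NAME = "FILES ENCRYPTED.txt"


def triage(root):
    """Walk root and summarise Zimba indicators per folder."""
    report = {"victim_ids": set(), "emails": set(),
              "folders": defaultdict(lambda: {"encrypted": [], "note": False})}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME.lower():
                report["folders"][folder]["note"] = True
                continue
            m = ENCRYPTED_RE.match(name)
            if m:
                report["victim_ids"].add(m.group("victim_id").upper())
                report["emails"].add(m.group("email").lower())
                report["folders"][folder]["encrypted"].append(m.group("original"))
    return report


def build_sample_tree(root):
    """Create constructed sample files (empty, harmless) for the demo."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.docx.id-1E857D00.[backup@zimbabwe.su].zimba",
                 "photo.jpg.id-1E857D00.[backup@zimbabwe.su].zimba",
                 "FILES ENCRYPTED.txt", "untouched.pdf"):
        open(os.path.join(docs, name), "w").close()
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print("IDs:", sorted(result["victim_ids"]), "contacts:", sorted(result["emails"]))
        for folder, info in result["folders"].items():
            print(folder, "note" if info["note"] else "no note", sorted(info["encrypted"]))
```

The recovered original names give a list of what to restore from backup, and folders with encrypted files but no note may indicate an interrupted run.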

The text files contain little useful information, as they simply tell the victims of the threat to initiate contact by sending a message to the same email address, backup@zimbabwe.su. The pop-up window has a longer message, but it also lacks some key details, such as the exact amount demanded by the hackers or whether the payment must be made using one of the popular cryptocurrencies. In addition, no backup email address has been provided.

The full text of the Zimba Ransomware's note is:


Don't worry,you can return all your files!

If you want to restore them, follow this link: email backup@zimbabwe.su YOUR ID -

If you have not been answered via the link within 12 hours, write to us by email:backup@zimbabwe.su


Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

The 'FILES ENCRYPTED.txt' files state:

all your data has been locked us

You want to return?

write email backup@zimbabwe.su
