Zimba Ransomware Description
The Zimba Ransomware is classified as belonging to the infamous Dharma Ransomware malware family. The threat itself shows little meaningful modification when compared to the rest of the Dharma Ransomware variants. The two aspects that distinguish it the most are the hackers' email addresses and the specific extension used for the encrypted files.
When the Zimba Ransomware manages to sneak itself onto the targeted computer, it engages its encryption process and proceeds to lock a wide range of file types. Users will find that they can no longer access their MS Office documents, pictures, videos, PDFs, databases, etc. If the compromised computer held work-related projects, the consequences of the Zimba Ransomware attack could get even more severe.
Every file affected by the threat will have its original file name modified significantly. The Zimba Ransomware appends a unique ID for the victim, followed by an email address belonging to the hackers, and finally '.zimba' as a new extension. The email address used in the file names is 'email@example.com'. As a typical Dharma Ransomware variant, Zimba also delivers its ransom note in two forms - as text files named 'FILES ENCRYPTED.txt' that are dropped in every folder containing encrypted data and in a pop-up window displayed to the user.
The text files contain little useful information, as they simply tell the victims of the threat to initiate contact by sending a message to the same email address - firstname.lastname@example.org. The pop-up window has a longer message, but it also lacks some key details, such as the exact amount demanded by the hackers or if the payment must be made using one of the popular cryptocurrencies. In addition, no backup email address has been provided.
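The renaming scheme and the note file described above can be used for a quick triage scan of a file share. The following is an added example, not code from the original article: the `.id-<ID>.[<email>]` delimiter layout is an assumption (the article gives only the order of the parts), and the function names and sample tree are constructed for illustration.

```python
import os
import re
from collections import defaultdict

NOTE_NAME = "FILES ENCRYPTED.txt"  # ransom note file name given in the article
EXTENSION = ".zimba"               # appended extension given in the article
# Assumed delimiter layout (the article gives only the order of the parts):
#   <original name>.id-<victim ID>.[<email>].zimba
RENAMED = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-Za-z-]+)\.\[(?P<mail>[^\]]+)\]\.zimba$",
    re.IGNORECASE,
)

def triage(root):
    """Map each affected folder to its note flag, victim IDs and original names."""
    report = defaultdict(lambda: {"note": False, "ids": set(), "encrypted": []})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME.lower():
                report[folder]["note"] = True
            elif name.lower().endswith(EXTENSION):
                match = RENAMED.match(name)
                if match:
                    report[folder]["ids"].add(match.group("vid"))
                    report[folder]["encrypted"].append(match.group("orig"))
                else:
                    # Extension matches but layout differs: keep the raw name.
                    report[folder]["encrypted"].append(name)
    return dict(report)

def build_sample(root):
    """Create a constructed tree imitating one affected and one clean folder."""
    docs, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    os.makedirs(docs)
    os.makedirs(clean)
    for name in ("report.docx.id-1A2B3C4D.[email@example.com].zimba",
                 "odd-name.ZIMBA", NOTE_NAME):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(clean, "notes.txt"), "w").close()
    return docs, clean

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, info in triage(tmp).items():
            print(folder, "note:", info["note"], "ids:", sorted(info["ids"]),
                  "files:", len(info["encrypted"]))
```

Folders that contain neither the note nor a '.zimba' file do not appear in the result, so the output doubles as a list of locations to prioritise when restoring from backup.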
The full text of the Zimba Ransomware's note is:
'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link: email email@example.com YOUR ID -
If you have not been answered via the link within 12 hours, write to us by email:firstname.lastname@example.org
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The 'FILES ENCRYPTED.txt' files state:
'all your data has been locked us
You want to return?
write email email@example.com'