ZipLocker Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 552
First Seen: May 10, 2017
Last Seen: October 7, 2021
OS(es) Affected: Windows
The ZipLocker Ransomware is a ransomware Trojan. The Trojans in this category are designed to take the victim's files hostage, asking for the payment of a sum to restore access to the infected files. These tactics are becoming increasingly common due to the effectiveness of the attack; even if the ZipLocker Ransomware infection itself is removed, the victim's files remain inaccessible. Because of this, dealing with ransomware Trojans like the ZipLocker Ransomware is not only a matter of preventing the ZipLocker Ransomware infection itself but also of taking steps to ensure that data can be recovered in case it becomes compromised in one of these attacks.
Disclosing the ZipLocker Ransomware Trojan Infection
The most common tactic used in these attacks is to use an encryption algorithm to encrypt the victim's files. The ZipLocker Ransomware uses a different tactic, which has been observed in rarer cases of ransomware infections. The ZipLocker Ransomware will place the victim's files into an archive locked with a strong password. The password-protected ZIP file containing the victim's files is inaccessible without the password. Victims are forced to pay the ZipLocker Ransomware ransom if they want to gain access to the password needed to recover the locked files. The ZipLocker Ransomware seems to be an update of a previous ransomware Trojan known as IPA, or International Police Association Ransomware. The IPA Trojan was observed in a test version that was not released to the public. The ZipLocker Ransomware also seems to be a work in progress and was observed on online anti-virus platforms, which are often used by con artists to test their threat creations. There are numerous similarities between the ZipLocker Ransomware and other ransomware Trojans released in recent months.
How the ZipLocker Ransomware Trojan may Attack a Computer
The ZipLocker Ransomware places the victim's files into a ZIP archive. The ZipLocker Ransomware ZIP file is protected with an AES-256 cipher, making it impossible to access the archive without access to the password. The ZipLocker Ransomware names the ZIP file using the template [ORIGINAL FILE NAME]locked.zip, making it simple to know which files have been encrypted in the attack. The ZipLocker Ransomware has been observed to attack the following file types:
.PPTX, .PPT, .JPEG, .DAT, .XLSS, .MP3, .ODT, .PNG, .XLS, .DOCX
Compared to other ransomware Trojans, this is a remarkably short list. This may be because the sample of the ZipLocker Ransomware being observed by malware researchers at the current time is a test version. An updated version of the ZipLocker Ransomware released to the public may add hundreds of other file types to this list of file extensions.
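The following triage check is an added example, not code from the original page or from any vendor tool: it flags archives whose name fits the [ORIGINAL FILE NAME]locked.zip template and whose entries declare AES-256 in their ZIP metadata, which can be read without the password. It assumes the AES protection is recorded in the WinZip AES layout (method 99 with a 0x9901 extra field), which the page does not state; the function names and the sample archive are constructed for illustration.

```python
import io, re, struct, zipfile

AES_METHOD = 99        # assumption: WinZip AES marker in the compression-method field
AES_EXTRA_ID = 0x9901  # assumption: WinZip AES extra field carrying the key strength
STRENGTH_BITS = {1: 128, 2: 192, 3: 256}
LOCKED_NAME = re.compile(r".+locked\.zip$", re.IGNORECASE)  # template from the page

def aes_bits(extra):
    """Return the AES key size declared in the 0x9901 extra field, or None."""
    while len(extra) >= 4:
        tag, size = struct.unpack_from("<HH", extra)
        if tag == AES_EXTRA_ID and size >= 7:
            return STRENGTH_BITS.get(extra[8])  # byte after version + vendor ID
        extra = extra[4 + size:]
    return None

def triage(filename, data):
    """Report name-template match and per-entry encryption metadata."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # central directory only; no password needed
            is_aes = info.compress_type == AES_METHOD
            entries.append({"member": info.filename,
                            "encrypted": bool(info.flag_bits & 0x1),
                            "aes_bits": aes_bits(info.extra) if is_aes else None})
    name_match = bool(LOCKED_NAME.match(filename))
    suspect = name_match and any(e["aes_bits"] == 256 for e in entries)
    return {"name_match": name_match, "suspect": suspect, "entries": entries}

def constructed_sample(member=b"report.docx"):
    """Constructed test input: minimal ZIP with one entry marked AES-256."""
    extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    body = b"\x00" * 28  # dummy bytes standing in for salt/ciphertext/auth code
    common = (51, 0x1, AES_METHOD, 0, 0x21, 0, len(body), 0, len(member), len(extra))
    local = struct.pack("<I5H3I2H", 0x04034B50, *common) + member + extra + body
    central = struct.pack("<IH5H3I2H3HII", 0x02014B50, 51, *common, 0, 0, 0, 0, 0)
    central += member + extra
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

if __name__ == "__main__":
    print(triage("report.docxlocked.zip", constructed_sample()))
```

A name match without AES metadata, or AES metadata under an unrelated name, is reported but not marked suspect, so ordinary encrypted archives are not flagged by this check alone.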
Dealing with a ZipLocker Ransomware Infection
Like previous versions of this threat, it seems that the people responsible for the ZipLocker Ransomware have hard-coded the unlock password into the ZipLocker Ransomware's executable file, which indicates that it may be possible to extract it. Some versions of the ZipLocker Ransomware can be bypassed by using the string 'Destroy' as the password. Earlier versions of the ZipLocker Ransomware, released as IPA Ransomware, could be unlocked with the password 'ddd123456'. Although it is possible to deal with these ransomware Trojans, in the vast majority of cases it is not possible to recover the files affected in the attack. Because of this, it is essential to take preventive measures to make sure that no data is lost irretrievably. Ransomware Trojans currently make up more than 80% of threat attacks in the wild. Because of this, security measures should be put in place.
The best preventive measure against threats like the ZipLocker Ransomware is to have reliable file backups. Being able to recover the lost files by simply copying them over from backup versions undoes the strategy of the ZipLocker Ransomware and other ransomware Trojans completely. Apart from file backups, you should have updated security programs running at all times.