
ZipLocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 552
First Seen: May 10, 2017
Last Seen: October 7, 2021
OS(es) Affected: Windows

The ZipLocker Ransomware is a ransomware Trojan. The Trojans in this category are designed to take the victim's files hostage, asking for the payment of a sum to restore access to the affected files. These tactics are becoming increasingly common due to the effectiveness of the attack; even if the ZipLocker Ransomware infection itself is removed, the victim's files remain inaccessible. Because of this, dealing with ransomware Trojans like the ZipLocker Ransomware is not only a matter of preventing the ZipLocker Ransomware infection itself but also of taking steps to ensure that data can be recovered in case it becomes compromised in one of these attacks.

Disclosing the ZipLocker Ransomware Trojan Infection

The most common tactic used in these attacks is to use an encryption algorithm to encrypt the victim's files. The ZipLocker Ransomware uses a different tactic, which has been observed in rarer cases of ransomware infections. The ZipLocker Ransomware will place the victim's files into an archive locked with a strong password. The password-protected ZIP file containing the victim's files is inaccessible without the password. Victims are forced to pay the ZipLocker Ransomware ransom if they want to gain access to the password needed to recover the locked files. The ZipLocker Ransomware seems to be an update of a previous ransomware Trojan known as IPA, or International Police Association Ransomware. The IPA Trojan was observed in a test version that was not released to the public. The ZipLocker Ransomware also seems to be a work in progress and was observed on online anti-virus platforms, which are often used by con artists to test their threat creations. There are numerous similarities between the ZipLocker Ransomware and other ransomware Trojans released in recent months.

How the ZipLocker Ransomware Trojan may Attack a Computer

The ZipLocker Ransomware places the victim's files into a ZIP archive. The ZipLocker Ransomware ZIP file is protected with an AES-256 cipher, making it impossible to access the archive without access to the password. The ZipLocker Ransomware names the ZIP file using the template [ORIGINAL FILE NAME], making it simple to know which files have been encrypted in the attack. The ZipLocker Ransomware has been observed to attack the following file types:


Compared to other ransomware Trojans, this is a remarkably short list. This may be because the sample of the ZipLocker Ransomware being observed by malware researchers at the current time is a test version. An updated version of the ZipLocker Ransomware released to the public may add hundreds of other file types to this list of file extensions.

Dealing with a ZipLocker Ransomware Infection

Like previous versions of this threat, it seems that the people responsible for the ZipLocker Ransomware have hard-coded the unlock password into the ZipLocker Ransomware's executable file, which indicates that it may be possible to extract it. Some versions of the ZipLocker Ransomware can be bypassed by using the string 'Destroy' as the password. Earlier versions of the ZipLocker Ransomware, released as IPA Ransomware, could be unlocked with the password 'ddd123456.' Although it is possible to deal with these ransomware Trojans, in the vast majority of cases it is not possible to recover the files affected in the attack. Because of this, it is essential to take preventive measures to make sure that no data is lost irretrievably. Ransomware Trojans currently make up more than 80% of threat attacks in the wild. Because of this, security measures should be put in place.
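Before attempting recovery, a responder can confirm how a locked archive is actually protected. The following triage script is an added example, not code from this page or from any analysis of the threat; it assumes the archive records AES in the WinZip AE-x layout, and the file name and archives it inspects are constructed samples.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # WinZip AE-x extra-field header ID
AES_METHOD = 99         # compression-method value that marks an AE-x entry
AES_BITS = {1: 128, 2: 192, 3: 256}

def entry_scheme(info):
    """Classify one ZipInfo as 'none', 'zipcrypto' or 'aes-<bits>'."""
    if not info.flag_bits & 0x1:            # bit 0 of the flags = entry is encrypted
        return "none"
    extra = info.extra
    while len(extra) >= 4:                  # walk the (id, size, body) extra records
        header_id, size = struct.unpack_from("<HH", extra)
        body = extra[4:4 + size]
        if header_id == AES_EXTRA_ID and info.compress_type == AES_METHOD and len(body) >= 7:
            return "aes-%s" % AES_BITS.get(body[4], "unknown")   # body[4] = key strength
        extra = extra[4 + size:]
    return "zipcrypto"

def archive_schemes(source):
    """Map entry name -> scheme. Reads only the central directory, so no password is needed."""
    src = io.BytesIO(source) if isinstance(source, bytes) else source
    with zipfile.ZipFile(src) as zf:
        return {i.filename: entry_scheme(i) for i in zf.infolist()}

def build_sample(name, flags, method, extra=b"", payload=b"\0" * 32):
    """Constructed one-entry archive used as sample input (payload is filler, never read)."""
    common = (51, flags, method, 0, 0x21, 0, len(payload), len(payload), len(name), len(extra))
    local = struct.pack("<4s5H3I2H", b"PK\x03\x04", *common) + name + extra + payload
    central = struct.pack("<4s6H3I5H2I", b"PK\x01\x02", 51, *common, 0, 0, 0, 0, 0) + name + extra
    eocd = struct.pack("<4s4H2IH", b"PK\x05\x06", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

# AE-2 record: version 2, vendor "AE", strength 3 (256-bit), real method 8 (deflate)
AES256_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)

if __name__ == "__main__":
    samples = {
        "aes": build_sample(b"invoice.docx", 0x1, AES_METHOD, AES256_EXTRA),
        "legacy": build_sample(b"invoice.docx", 0x1, 8),
        "plain": build_sample(b"invoice.docx", 0x0, 0),
    }
    for label, data in samples.items():
        print(label, archive_schemes(data))
```

Python's standard zipfile module cannot decrypt AE-x entries, so checking a candidate password against an archive reported as aes-256 requires an AES-capable archiver.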

The best preventive measure against threats like the ZipLocker Ransomware is to have reliable file backups. Being able to recover the lost files by simply copying them over from backup versions undoes the strategy of the ZipLocker Ransomware and other ransomware Trojans completely. Apart from file backups, you should have updated security programs running at all times.

