Zip Zipulya Ransomware
The Zip Zipulya Ransomware is capable of locking a wide array of file types, rendering them unusable. Affected users will no longer have access to their documents, archives, databases, PDFs, pictures, etc. that were stored on the compromised system. The goal of the attackers is to then extort their victims for money by taking the user's data hostage effectively. During its encryption process, the threat will mark each locked file by appending '.zipzipulya' to the original file name. Afterward, a ransom note will be dropped onto the device in the form of a text file named '#Decrypt#.txt.'
Ransom Note's Details
According to the instructions of the ransom-demanding message, victims are supposed to establish contact with the cybercriminals either via ICQ or Skype. The hackers promise that the earlier victims reach out the better terms they will get for the restoration of the locked data. Well, that is if you can trust the words of people spreading malware threats. Furthermore, the note claims that sensitive data has been obtained from the breached devices. The collected information will be released on the Dark Net and made public if victims refuse to pay up.
The full text of Zip Zipulya's note is:
'Hello my dear friend
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them, install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @zipzipulya hxxps://icq.im/zipzipulya
Skype Zip Zipulya
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write, the more favorable the conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption
IF WE DONT SEE MESSAGES FROM YOU IN 72 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS,AFTER YOU WILL SEE IT AT OPEN SOURCE AND DARKNET
We respect your time and waiting for respond from your side
tell your unique ID.'
