Threat Database Ransomware Zlocker Ransomware

Zlocker Ransomware

By GoldSparrow in Ransomware

The Zlocker Ransomware is an encryption ransomware Trojan. One aspect of the Zlocker Ransomware that has caught attention is that when the Zlocker Ransomware renames the victim's files, the Zlocker Ransomware uses a special symbol, '╘,' which is added as a file extension to the affected files. The Zlocker Ransomware seems to target computer users in Russian speaking regions in its attack; otherwise, the Zlocker Ransomware carries out a fairly typical encryption ransomware attack.

How the Zlocker Ransomware can Make Your Files Unaccessible

The Zlocker Ransomware uses a strong encryption algorithm to make the victim's files inaccessible and then demands a ransom payment. The Zlocker Ransomware drops a text file named 'ВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ.txt' ('YOUR FILES ARE STRIKED.txt') on the victim's PC to demand its ransom payment. There is little to differentiate the Zlocker Ransomware from other ransomware Trojans. The Zlocker Ransomware demands a payment equivalent to approximately 85 USD at the current exchange rate. In its attack, the Zlocker Ransomware will target the user-generated files, typically avoiding the Windows system files but encrypting photos, videos, audios, texts, and numerous other files. Examples of the files that threats like the Zlocker Ransomware will target in their attack include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Zlocker Ransomware’s Ransom Demands

The Zlocker Ransomware displays its ransom note in the form of the text file mentioned above after encrypting the victim's files. The Zlocker Ransomware's ransom note contains the following text (written in Russian):

'Ваши файлы были зашифрованы. Чтобы расшифровать их, получив ключ дешифровки вы должны оплатить 5000р. на QIWI 79684666319. Иначе ваши файлы будут удалены без возможности восстановления. Оплачивая укажите в комментариях свою почту, на которую будет выслан дешифратор.'

The message above, translated into English, reads as follows:

'Your files have been encrypted. To decrypt them, having received the decryption key you must pay 5000r. on QIWI 79684666319. Otherwise your files will be deleted without the possibility of recovery. When paying, indicate in your comments your mail, to which the decoder will be sent.'

It is a right decision to refrain from paying the Zlocker Ransomware ransom or following the instructions in the Zlocker Ransomware's ransom note. Instead, take steps to protect your data preemptively so that your data can be safe from the Zlocker Ransomware and other attacks that use similar tactics, which are becoming common increasingly.

Protecting Your Data from Ransomware Trojans Like the Zlocker Ransomware

The best way to fight ransomware Trojans like the Zlocker Ransomware is to have file backups and keep them in safe places. File backups are the safest way to restore the encrypted files instead of contacting the extortionist and exposing yourself to additional attacks. Apart from file backups, you should know how these threats are delivered and then learn how to spot these hoaxes before becoming a victim of the attack. The most common way in which threats like the Zlocker Ransomware may be delivered is as file attachments contained in spam email messages. Learning to avoid these messages and using a strong anti-spam filter can prevent threats like the Zlocker Ransomware from landing in your email inbox in the first place. Apart from file backups and anti-spam measures, a security program also is essential in preventing the Zlocker Ransomware attacks.

SpyHunter Detects & Remove Zlocker Ransomware

File System Details

Zlocker Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe cf384e04d11742ec8c4eb1432124267a 0


Most Viewed