Zwer Ransomware

Zwer Ransomware Description

The Zwer Ransomware is one of the most recent variants of the notorious STOP Ransomware. Threats that belong to the STOP Ransomware family have affected numerous users; in 2019 alone, over 200 copies of this file-locker were released in the wild.

Propagation and Encryption

It is not yet known what distribution methods are involved in the propagation of the Zwer Ransomware. Some security experts speculate that the creators of the Zwer Ransomware may be using some of the most commonly utilized infection vectors, such as malvertising campaigns, torrent trackers, bogus pirated copies of popular software tools, fake social media pages and posts, fraudulent emails that contain macro-laced attachments, etc.

The Zwer Ransomware targets a long list of file types. Once the Zwer Ransomware compromises your system, it will encrypt all of your images, documents, audio files, videos, databases, archives, spreadsheets, presentations, etc. When the Zwer Ransomware encrypts a file, it changes the filename by appending a '.zwer' extension to it. For example, a file called 'cooking-show.mov' will be renamed to 'cooking-show.mov.zwer' after the encryption process is complete.

The Ransom Note

The attackers' ransom message is contained in a note named '_readme.txt'. The note, which is dropped on the victim's system, contains information and instructions regarding the potential recovery of the user's data. In the ransom note, the attackers mention that:

  • The ransom fee is set at $980.
  • Users who successfully get in touch with the authors of the threat within 72 hours will get a 50% discount and will have to pay $490.
  • There are two email addresses where users can contact the creators of the threat: 'helpmanager@mail.ch' and 'helpdatarestore@firemail.cc'.
  • One file can be decrypted free of charge, provided that it does not contain valuable information.

It is best to ignore the demands of cyber crooks because there is no guarantee that they will send you a decryption key, even if you pay them the fee they ask for. Instead, you should consider investing in a trustworthy, modern anti-virus software suite that will remove the Zwer Ransomware from your PC and protect your system in the future.
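
The two on-disk artifacts described above, the appended '.zwer' extension and the '_readme.txt' note, are enough to scope the damage before restoring from backup. The following triage script is an added example, not part of the original write-up; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

SUFFIX = ".zwer"        # extension appended to encrypted files (from the page)
NOTE = "_readme.txt"    # ransom note file name (from the page)

def scan(root):
    """Return {directory: {"note": bool, "encrypted": [original names]}}."""
    report = {}
    # onerror: skip unreadable directories instead of aborting the triage
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        hit = {"note": False, "encrypted": []}
        for name in files:
            lower = name.lower()  # match case-insensitively
            if lower == NOTE:
                hit["note"] = True
            elif lower.endswith(SUFFIX) and len(name) > len(SUFFIX):
                # strip only the appended suffix: 'a.mov.zwer' -> 'a.mov'
                hit["encrypted"].append(name[:-len(SUFFIX)])
        if hit["note"] or hit["encrypted"]:
            hit["encrypted"].sort()
            report[dirpath] = hit
    return report

def affected_types(report):
    """Count encrypted files by original extension to size the restore job."""
    return Counter(Path(orig).suffix.lower() or "(none)"
                   for hit in report.values() for orig in hit["encrypted"])

def demo():
    """Scan a constructed sample tree (not real victim data) in a temp dir."""
    layout = {
        "Videos": ["cooking-show.mov.zwer", "_readme.txt"],
        "Docs": ["budget.xlsx.zwer", "notes.DOCX.ZWER", "clean.pdf"],
        "Untouched": ["photo.jpg", "readme.txt"],
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for n in names:
                Path(root, sub, n).touch()
        report = scan(root)
        return ({os.path.basename(d): h for d, h in report.items()},
                affected_types(report))

if __name__ == "__main__":
    print(demo())
```

Point `scan()` at a mounted copy of the affected volume rather than the live system, and compare the recovered original names against the backup catalogue.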