Zzzz Ransomware
The Zzzz Ransomware is another malware threat that aims to infect users' computers and then lock the files stored there, rendering them completely unusable. Ransomware threats typically employ uncrackable cryptographic algorithms to ensure that the files they encrypt will be virtually impossible to restore without the necessary decryption key.
Whenever the threat locks a file in such a manner, it also will modify the file's original name by adding '.zzzz' to it as a new extension. The hackers then leave a ransom note with instructions for their victims on how to pay for the decryption key. This ransom-demanding message will be contained inside a newly-created text file on the system named 'HowToDecrypt.txt.'
Ransom Note's Details
Zzzz Ransomware's note doesn't reveal the exact amount demanded by the attackers but it states that they accept payments in Bitcoin. The note also clarifies that victims can send one file to be decrypted for free as a demonstration of the hackers' ability to restore the user's data. However, the chosen file must not exceed 512KB in size.
To establish contact with the cybercriminals, users can send a message to the email addresses mentioned in the note - 'semenov.akkim@protonmail.com,' 'crastards@rediffmail.com,' 'smenov@bitmessage.de,' and 'smenov@mail2tor.com.' The final section of the note consists of various warnings. Users should not try renaming the locked file or using third-party decryption tools since that could damage the data permanently.
The full text of Zzzz Ransomware's note is:
'!!! YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important
files are encrypted.
You are not able to decrypt it by yourself! The only method
of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.We have the decryptor and
will decrypt 1 file for test(maximum file size - 512 kb),
its guarantee what we can decrypt your files.Do you really want to restore your files?
Contact information: semenov.akkim@protonmail.com, crastards@rediffmail.com, smenov@bitmessage.de, smenov@mail2tor.comWe accept Bitcoin.
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software,
it may cause permanent data loss.
Decryption of your files with the help of third parties may
cause increased price (they add their fee to our) or you can
become a victim of a scam.Your personal ID:'
