
Unlock92 Zipper Ransomware

Posted: July 22, 2018

The Unlock92 Zipper Ransomware is a new version of the Unlock92 Ransomware, a file-locking Trojan whose extortionist campaigns began in 2016. This version of the Trojan continues blocking your documents and other media until you pay a ransom for a decryptor but uses a new encryption format that it derives from ZIP archive compression. Let your anti-malware programs delete the Unlock92 Zipper Ransomware automatically, when you can, and use backups for restoring your locked files.

An Old Trojan Learns New Ways of Locking Things

Activity from the Unlock92 Ransomware family, generally, focuses on edits to the ransoming payments without many changes to the Trojan's technical features. Examples of the Russian-based Trojan's many variants along this line include the '.kukaracha File Extension' Ransomware, the Gedantar Ransomware, the Naampa Ransomware, and the Unlckr Ransomware. However, with the newest build that malware analysts are examining, the Unlock92 Zipper Ransomware, the threat actor is showing a change in his campaign plan.

The Unlock92 Zipper Ransomware's focus remains on encrypting documents, audio, and other media so that they stop opening with the user's associated applications. However, the Unlock92 Zipper Ransomware uses a brand-new means of doing so: placing all the files of each target folder inside of a custom ZIP archive, with additional, byte-based overwriting to their internal data. The technique isn't a brand-new style of attack for file-locker Trojans – similar methods are parts of the payloads of the 'All_Your_Documents.rar' Ransomware and the Bart Ransomware – but is the first use of the technique from this family.
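For triage after an incident of the kind described above, the following added example (not code from the original page or from any analyst's tool) walks a directory tree and lists, per folder, files that carry ZIP structure but fail integrity validation. The page does not give the Trojan's archive naming or its exact overwrite pattern, so the sample data zeroes a few bytes inside a stored member as a constructed stand-in, and the names `classify`, `triage` and `build_samples` are hypothetical.

```python
import os, zipfile, zlib

LOCAL_HDR = b"PK\x03\x04"  # ZIP local file header signature
EOCD = b"PK\x05\x06"       # ZIP end-of-central-directory signature

def classify(path):
    """Return 'intact', 'suspect' or 'not-zip' for one file."""
    with open(path, "rb") as f:
        head = f.read(4)
        size = f.seek(0, os.SEEK_END)
        f.seek(max(0, size - 65557))  # EOCD sits in the last 22 + 65535 bytes
        tail = f.read()
    if head != LOCAL_HDR and EOCD not in tail:
        return "not-zip"
    try:
        with zipfile.ZipFile(path) as z:
            bad = z.testzip()  # CRC-checks each member, returns first failure
    except (zipfile.BadZipFile, zlib.error, RuntimeError,
            NotImplementedError, EOFError, OSError):
        return "suspect"
    return "suspect" if bad else "intact"

def triage(root):
    """Map each folder under root to the ZIP-like files that fail validation."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if classify(os.path.join(folder, name)) == "suspect":
                hits.setdefault(folder, []).append(name)
    return hits

def build_samples(root):
    """Constructed sample data: one valid archive, one with bytes overwritten."""
    good = os.path.join(root, "good.zip")
    with zipfile.ZipFile(good, "w", zipfile.ZIP_STORED) as z:
        z.writestr("report.txt", "quarterly figures " * 20)
    with open(good, "rb") as f:
        data = bytearray(f.read())
    data[60:70] = b"\x00" * 10  # assumed tampering: zero bytes in member data
    with open(os.path.join(root, "tampered.bin"), "wb") as f:
        f.write(data)
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("plain text, no ZIP structure")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_samples(d)
        print(triage(d))
```

Run it against a read-only copy or forensic image of the affected volume so that the originals stay untouched for any later recovery attempt.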

The Unlock92 Zipper Ransomware conducts its ransom negotiations in Russian-language text messages and redirects its victims to a free e-mail address and a TOR website for purchasing its decryption solution. The historical unreliability of this method of file restoration is one of several reasons why malware experts encourage keeping backups that can help users recover anything that's 'locked' by any means of encryption without a decryption tool.

Unzipping Your Files from Where They Don't Belong

Its threat actor may be updating the Unlock92 Zipper Ransomware's encryption techniques but is neglecting security measures that would keep third parties from cracking them. Victims who don't have any backups of any locked data should speak with a cryptography-experienced member of the anti-malware researchers' community for their help with a free decryption solution. However, such solutions aren't possible with every threat of this category, and making use of backup strategies involving removable devices and cloud services is optimal for the safety of your files.

The Unlock92 Zipper Ransomware is, just like the first Unlock92 Ransomware, a Windows Trojan that uses the .NET Framework and is compatible with most modern versions of that operating system. While its infection techniques have yet to receive a full analysis, criminals often use spam e-mails for compromising the victims' PCs for file-locking Trojans' attacks, and also may exploit RDP features against the business sector. Most anti-malware products can remove the Unlock92 Zipper Ransomware safely and, thereby, stop it from locking your files.

Why the Unlock92 Zipper Ransomware doesn't use the original data-locking feature is open to speculation, but all Windows users may be grateful that its attacks lack the protection that most file-locking Trojans possess. In most scenarios with other Trojans, a file that's locked is safely locked – and not decryptable without gambling on a ransom that may not pay off for the victim.
