On 18th July 2018, ransomware removal experts were able to locate a new cyber threat in the ransomware space. The ransomware named as ‘Unlock92 Zipper Ransomware’ is an updated version of Unlock92 Ransomware. Netizens can detect whether their PC is infected or not by this newly-arrived threat if they observe any of their files to have an extension of ‘.random.zip’. It was also noted by ransomware removal experts that the team behind the ransomware is not the same as the previous one.
Analysis of the Ransomware
Ransomware removal experts explain that the primary intent of those behind this nefarious ransomware is similar to others, as files of victims are locked with encryption algorithms and the files’ owners are forced to pay money to get their data back. As it is an update of the infamous Unlock92 Ransomware, it employs the use of cryptographic algorithm RSA to encrypt the files of users.
Files that are generally encrypted consist of different formats including IT assets (source code, SQL files, exe files), multimedia (images, videos, presentations) and text documents (Microsoft Office documents like Excel, Word, PPT). After RSA’s completion, affected files are zipped and included in a folder. This zipping mechanism used by the virus is one of the modifications noticed by ransomware removal analysts.
Subsequently, a file named KEY.VL is also placed under the AppData folder by the ransomware. Afterward, a ransom note is displayed on victims’ desktop that is written in the Russian language.
The ransomware’ distribution strategies are countless. It includes spam e-mail campaigns where victims are sent e-mails with malicious links and file attachments. Malware is also incorporated as part of freeware in many websites on the Internet. However, one of the biggest sources of this ransomware infection is files downloaded via torrents that are used by netizens to obtain movies, games, and software.