Unlock92 Zipper Ransomware

Posted by Max Lehmann on August 10, 2018

What is Unlock92 Zipper Ransomware?

It’s been two years since we first reported Unlock92 Ransomware, and now is time to discuss a new variant of this malware, called Unlock92 Zipper Ransomware. In fact, there were two different versions of this infection at the time of research, and neither of them functioned properly. That, of course, does not mean that this infection does not deserve attention. On the contrary, we need to keep a close eye on this malware because we do not want it creeping up on unsuspecting Windows users. It is likely that this infection could be distributed via spam emails or malicious downloaders, and so that is the first thing that all users need to be cautious about. Do not open random emails, download unfamiliar software, or get involved in virtual scams. If the ransomware slithers in anyway, it is likely to encrypt the most valuable personal files, but the good news is that you might be able to recover them. Please continue reading to learn more about this and the removal of Unlock92 Zipper Ransomware.testtest

How does Unlock92 Zipper Ransomware work?

Unlock92 Zipper Ransomware is meant to encrypt your personal files, but it fails to do that. Once launched, the infection tries to place all targeted personal files into one password-protected archive file (.zip) and then replace the files with 1 byte-sized copies. The name of the archive should represent the affected folder, as well as random letters (e.g., Program Files-abcdef.zip). During the test procedures in the internal lab of Anti-Spyware-101.com, the created archives were empty, and no passwords were created to prevent victims from accessing the corrupted data. It is possible that Unlock92 Zipper Ransomware is still being developed and that it will be capable of “encrypting” data by placing a password on an archive folder in the future. The good news is that even if files were locked up, it is likely that the infection would be decryptable. If you need to remove a version of the infection that has taken your files hostage, look into free decryption solutions before you delete the threat. Note that your files will not be freed if you remove the ransomware itself.

A file called “key.vl” should be created by Unlock92 Zipper Ransomware in every folder whose files are corrupted. A ransom note file (.TXT) with a random name should be created alongside the VL file as well. The message inside the file is in Russian only, which suggests that the threat might have been created with Russian-speaking Windows users as the main target. According to the ransom note, the victim has to send the aforementioned key.vl file to cyber criminals at un92@protonmail.com. After this, instructions on how to unlock the password-protected folders should be sent, and this is when a ransom is likely to be requested in return for a 50 character password. We do not know how big this ransom might be, but even if it is small, paying money is not recommended. As discussed already, a free decryptor is likely to exist, and so there is no point in making the payment. Furthermore, you do not want to make any deals with cyber criminals. If you pay money, it is unlikely that you would get anything in return for it, and we are sure you do not want to waste your savings.

How to remove Unlock92 Zipper Ransomware

Whether or not you decrypt or unlock data, Unlock92 Zipper Ransomware removal must be performed as soon as possible. This malware could have been dropped anywhere on your operating system, and the name of the launcher is likely to be completely random. This is the main obstacle that users who decide to delete Unlock92 Zipper Ransomware manually will face. The rest of the components are likely to be found in the Startup directory as shown in the guide below. All in all, erasing this malware manually is not an easy task, and so you need to be extremely cautious about what you do. The good news is you don’t need to do anything. If you install anti-malware software, it will take care of the existing malware for you. On top of that, it will ensure that ransomware and other kinds of malware cannot invade your operating system again. This, without a doubt, is the most important thing. We also recommend backing up files in the future to ensure that they are safe even if malware corrupts original copies.

Removal Instructions

  1. Remove all recently downloaded suspicious files.
  2. Tap Win+E to launch Windows Explorer.
  3. Enter the path into the bar at the top and Delete files named Startup-random.zip, key.vl, and {random name}.txt:
    • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  4. Empty Recycle Bin.
  5. Install a trusted malware scanner.
  6. Perform a full system scan and if threats are found, delete them immediately. 100% FREE spyware scan and
    tested removal of Unlock92 Zipper Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *