

7zipper is a ransomware-type virus discovered by Michael Gillespie. This malware compresses files using the 7zipper program and protects the ZIP file with a password.

Behavior

This behavior is uncommon for ransomware-type viruses, since most encrypt files using either symmetric or asymmetric cryptography. In addition, this malware appends the ".7zipper" extension to the names of encrypted files (for example, "sample.jpg" is renamed to "sample.jpg.7zipper").

Payloads

Following encryption, 7zipper creates a text file ("Saiba como recuperar seus arquivos.txt"), placing it in each folder containing the compromised files.

The text file contains a short message in Portuguese that simply encourages victims to contact the cyber criminals via an email address ("zipper@email.tg") to receive help in restoring their files. Other similar viruses provide much more detail, such as the type of cryptography, cost of decryption, payment instructions, and decryption instructions. After the victim contacts the cyber criminals, further instructions regarding payment are provided. The cost of the ZIP password is currently unknown; however, the cost of ransomware decryption usually fluctuates between the equivalent of $500 and $1500 in Bitcoins.

Text presented within 7zipper text file (Saiba como recuperar seus arquivos.txt):

Saiba como recuperar seus arquivos.txt text:
Sua chave é:
7zippedOWM4NjUwNmRjNmE1NGI3ZjM0NzQ1MjhiOTVlNGE1NDY=
Para recuperar seus arquivos, entre em contato pelo email enviando sua chave:
zipper@email.tg

The text translated into English:

Learn how to recover your files.txt text:
Your key is:
7zippedOWM4NjUwNmRjNmE1NGI3ZjM0NzQ1MjhiOTVlNGE1NDY=
To recover your files, contact us by emailing your key:
zipper@email.tg

Although 7zipper does not actually encrypt files, it shares many similarities with hundreds of other ransomware-type viruses such as XCrypt, Potato, Cryptorium, and HakunaMatata.
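A triage check built from the indicators described above (the ".7zipper" extension, the note file name and the key format shown in the note), as an added example that is not part of the original page. It assumes the part of the key after "7zipped" is Base64, and it tests the well-known 7z and ZIP file signatures because the page does not say which container the malware writes; the function names are hypothetical.

```python
import base64, os, re, tempfile
from pathlib import Path

NOTE_NAME = "Saiba como recuperar seus arquivos.txt"   # note file name from the page
EXTENSION = ".7zipper"                                  # appended extension from the page
KEY_RE = re.compile(r"7zipped([A-Za-z0-9+/]+=*)")       # assumption: Base64 after the prefix
# Well-known archive signatures; which one applies is not stated on the page.
MAGIC = {b"7z\xbc\xaf\x27\x1c": "7z", b"PK\x03\x04": "zip"}

def container_type(path):
    """Identify the container by its leading bytes, not by the renamed extension."""
    with open(path, "rb") as fh:
        head = fh.read(6)
    return next((name for sig, name in MAGIC.items() if head.startswith(sig)), "unknown")

def parse_victim_key(note_text):
    """Return the Base64 part of the note's key decoded to text, or None."""
    m = KEY_RE.search(note_text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):   # bad padding, bad alphabet, non-text
        return None

def triage(root):
    """Map each affected folder to its renamed files, their container type and the note key."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        hits = sorted(f for f in files if f.lower().endswith(EXTENSION))
        if not hits and NOTE_NAME not in files:
            continue                            # folder shows neither indicator
        key = None
        if NOTE_NAME in files:
            text = Path(folder, NOTE_NAME).read_text(encoding="utf-8", errors="replace")
            key = parse_victim_key(text)
        report[folder] = {"files": {f: container_type(os.path.join(folder, f)) for f in hits},
                          "victim_key": key}
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:    # constructed sample tree
        Path(d, "sample.jpg.7zipper").write_bytes(b"7z\xbc\xaf\x27\x1c" + b"\0" * 26)
        Path(d, NOTE_NAME).write_text(
            "Sua chave é:\n7zippedOWM4NjUwNmRjNmE1NGI3ZjM0NzQ1MjhiOTVlNGE1NDY=\n", encoding="utf-8")
        print(triage(d))
```

Folders that contain the note but no renamed files, or renamed files whose container type is "unknown", are worth a manual look before any recovery attempt.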
