This behavior is uncommon to ransomware-type viruses, since most encrypt files using either symmetric or asymmetric cryptography. In addition, this malware appends the names of encrypted files with the ".7zipper" extension (for example, "sample.jpg" is renamed to "sample.jpg.7zipper").
Following encryption, 7zipper creates a text file ("Saiba como recuperar seus arquivos.txt"), placing it in each folder containing the compromised files.
The text file contains a short message in Portuguese, which simply encourages victims to contact cyber criminals via an email address ("firstname.lastname@example.org") to receive help in restoring their files. Other similar viruses provide much more detail such as type of cryptography, cost of decryption, payment instructions, decryption instructions, etc. After contacting cyber criminals, further instructions regarding payment are provided. The cost for the ZIP password is currently unknown, however, cost of ransomware decryption usually fluctuates between the equivalent of $500 and $1500 in Bitcoins.
Text presented within 7zipper text file (Saiba como recuperar seus arquivos.txt):
Saiba como recuperar seus arquivos.txt text: Sua chave é: 7zippedOWM4NjUwNmRjNmE1NGI3ZjM0NzQ1MjhiOTVlNGE1NDY= Para recuperar seus arquivos, entre em contato pelo email enviando sua chave: email@example.com
The text translated in english:
Learn how to recover your files.txt text: Your key is: 7zippedOWM4NjUwNmRjNmE1NGI3ZjM0NzQ1MjhiOTVlNGE1NDY = To recover your files, contact us by emailing your key: firstname.lastname@example.org