Unlock92 Zipper Ransomware

Unlock92 Zipper Ransomware is a new version of a threat called Unlock92 Ransomware. Our researchers are not sure whether the malware is finished yet, because the installers we located did not work correctly. For instance, the malicious program should take user’s files as hostages by placing them in ZIP archives that are supposed to be protected with passwords. Nevertheless, the installers we tested did not put any passwords or archive any data. Yet, the infection showed a ransom note claiming the user’s data is now password protected, and it can be accessed only if the user emails the malicious program’s developers. We would advise you not to pay any attention to these notes because if none of your files were affected, there is no need to do what they ask and even if Unlock92 Zipper Ransomware locks everything the cybercriminals cannot be trusted. It seems to us it would be safest to eliminate infection at once and to help users get rid of it manually we have prepared the instructions located at the end of this text.

Some of you may wonder how one might infect the system with Unlock92 Zipper Ransomware or where it could come from. Unfortunately, there is still no information on how this malicious program is being spread. However, we suspect it could be unprotected RDP (Remote Desktop Protocol) connections, malicious Spam emails, infected setup files, fake updates, and so on. As a result, we recommend avoiding potentially dangerous websites and unreliable email attachments if you have no wish to come across such a threat ever again.

If Unlock92 Zipper Ransomware would work properly, it should start creating ZIP archives with user’s files immediately after the malware appears on the system. Our researchers say the archives’ names could be more or less random and after placing data on them, the threat might replace the files it takes with small (1 byte sized) useless copies. The malware’s developers also intended for the malicious program to put passwords on all archives so the computer’s user could not open them. As we said earlier, the infection was unable to do any of this while we were researching it. Of course, there is a chance the hackers might fix the issues it may have and start distributing a new version of Unlock92 Zipper Ransomware, capable of locking user’s files.

What’s more, in each directory containing locked archives Unlock92 Zipper Ransomware should drop a randomly titled text document containing a warning. The text is written only in Russian, but our team translated it into English. The first sentence says something like: “If you want to return your files, send one small archive and file KEY.VL to e-mail: un92@protonmail.com.” The mentioned key.vl file might have the information needed to identify the infected computer and the password its user would need to unlock all the malware’s created ZIP archives. To convince the user to contact the hackers the text claims it might be impossible to find out what the right combination is without the malicious program’s developers. This could be true, and yet we would not advise following their instructions. No matter what they promise, you cannot be sure the hackers will hold on to their word.

Besides by trying to get the password users might have to gamble with their savings as we are almost one hundred percent certain the hackers will ask to pay a ransom. In case you do not want to lose your money in vain we advise removing Unlock92 Zipper Ransomware. To deal with it manually, you could use the instructions located a bit below this paragraph. The other way of eliminating it is scanning the computer with a reliable antimalware tool. No matter what you choose if you need further assistance or have questions about the malware, do not forget you can write us comments at the end of this page.

Remove Unlock92 Zipper Ransomware

1. Press Ctrl+Alt+Delete.
2. Go to the Task Manager.
3. Find the malware’s process.
4. Mark this process and click End Task.
5. Exit Task Manager.
6. Tap Win+E.
7. Navigate to:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. Check if you can locate the malicious file downloaded before the computer got infected.
9. Right-click the suspicious file and press Delete.
10. Locate these folders:
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
11. Find randomly titled ZIP archives (e.g., startup-[random part].zip), text documents (e.g., tdefacxtusfjqybetwce.txt), and files called key.vl.
12. Right-click the listed files and select Delete.
13. Close File Explorer.
14. Empty Recycle bin.
15. Reboot the system.