Skip to content ↓ | Skip to navigation ↓

Here we go again – .ZZZZZ File Virus Ransomware! There has been yet another change to the infamous Locky ransomware virus. We have witnessed previous changes before, as we watched the virus morph from one Norse god to another, with versions like .Thor, .Odin, etc.

The latest of its kind was the .Aesir File Virus and that too was a fairly recent edition to this increasingly dangerous malware family. Now, it looks like the criminal masterminds behind this ransomware have come up with further “improvements” and the extension of the files the virus alters has changed to .ZZZZZ.

If nothing else, we can at least say that the hackers aren’t really keeping in with the Norse mythology theme, something we already encountered with the .Shit File extension.

Suspicions have arisen that this new version of the notorious ransomware may be using GeoIP awareness. This means that it may be targeting computers in certain countries and regions. However, that’s not to say that we’ve seen the last of the .Aesir version either. Reports have emerged about it still infecting computers to this day.

Another new feature of .ZZZZZ File Virus is the fact that it appears to act as Adware, while the encryption process is running. Victims have reported seeing ads on their screens, advertising various social media platforms.

Keep an extra eye out for incoming emails, as they still remain the prime source of these infections. In the case of .ZZZZZ, be aware of any emails titled “Order #12345678” as they are known to be spreading the newest Locky virus. The messages are designed to trick users into believing they have received confirmation of an order from certain companies. They come with an attached .zip file, which would be titled something along the lines of ‘order XYZ’ followed by your own name.

Small and medium size businesses are primarily being targeted by the hackers, as they are more likely to fall for the trap, i.e. pay the demanded ransom. We urge readers to be extremely careful, as the sender email addresses and subjects seem shockingly legit and easy to fall for.

Once the targeted files on the victim’s computer have been encrypted, the ransom demand appears, with the “requested” amount being roughly 400 USD. We do not advise you to rush into paying the ransom right away if at all, as this will not guarantee the recovery of your files. It would be wise to first try and remove the virus from your machine, before attempting anything else.

Alternative options for the decryption of your files include decryptor tools as well as possible options for restoring the deleted original copies. It’s best to consult an expert before resorting to ransom payment.

Looking to learn more about Ransomware? Click here to find out more.


daniel sadakovAbout the Author: Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.