Zipp3rs Ransomware is a New Xorist Clone Targeting Files for Encryption

During our analysis of new malware submissions, we came across Zipp3rs, a malicious program classified as ransomware, belonging to the Xorist ransomware family.
On our testing system, Zipp3rs encrypted files and appended a ".zipp3rs" extension to their names. For instance, a file named "1.jpg" became "1.jpg.zipp3rs" after being encrypted. The ransomware also produced a pop-up window and a text file named "HOW TO DECRYPT FILES.txt"; the two contain identical ransom notes written in Portuguese. The ransom note informs the victim that their data and backups have been encrypted and sets a deadline for the victim to contact the cyber criminals for file decryption.
The note also cautions against renaming or deleting encrypted files. Doing so could result in permanent data loss, though the note does not state this explicitly.
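For incident triage, the two on-disk indicators described above (the ".zipp3rs" suffix and the "HOW TO DECRYPT FILES.txt" note) are enough to scope which directories were hit and to map each encrypted file back to its original name for a restore from backup. The Python below is an added example, not part of the original analysis; the function names, the "live"/"backup" layout and the sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

EXT = ".zipp3rs"                         # appended extension, as reported above
NOTE_NAME = "HOW TO DECRYPT FILES.txt"   # ransom note file name, as reported above

def scan(root):
    """Return {relative_dir: {"note": bool, "encrypted": [names]}} for affected dirs."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"note": False, "encrypted": []}
        for name in sorted(files):
            lower = name.lower()  # compare case-insensitively, as Windows file systems do
            if lower == NOTE_NAME.lower():
                entry["note"] = True
            elif lower.endswith(EXT) and len(name) > len(EXT):
                entry["encrypted"].append(name)
        if entry["note"] or entry["encrypted"]:
            report[os.path.relpath(dirpath, root)] = entry
    return report

def restore_plan(report, backup_root):
    """List (encrypted path, original path, copy exists at that path in backup_root)."""
    plan = []
    for rel_dir, entry in sorted(report.items()):
        for enc in entry["encrypted"]:
            # "1.jpg.zipp3rs" -> "1.jpg": strip only the appended suffix
            original = os.path.normpath(os.path.join(rel_dir, enc[: -len(EXT)]))
            in_backup = (Path(backup_root) / original).is_file()
            plan.append((os.path.normpath(os.path.join(rel_dir, enc)), original, in_backup))
    return plan

def build_sample(base):
    """Constructed sample data: a 'live' tree with renamed files, plus a backup tree."""
    live, backup = Path(base, "live"), Path(base, "backup")
    for p in (live / "docs", live / "clean", backup / "docs"):
        p.mkdir(parents=True)
    (live / "1.jpg.zipp3rs").write_bytes(b"constructed")
    (live / NOTE_NAME).write_text("constructed note")
    (live / "docs" / "report.docx.ZIPP3RS").write_bytes(b"constructed")
    (live / "clean" / "todo.txt").write_text("untouched")
    (backup / "docs" / "report.docx").write_bytes(b"good copy")
    return live, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        for enc, original, ok in restore_plan(scan(live), backup):
            print(f"{enc} -> {original}: {'in backup' if ok else 'NO BACKUP COPY'}")
```

The scan only reads directory listings and never renames or deletes anything, so it can be run against a mounted copy of the affected volume.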
Zipp3rs Ransom Note Written in Portuguese
The full text of the brief Zipp3rs ransom note reads as follows:
Todos Dados/Backups foram criptografados
a unica forma de obter os dados em seu perfeito estado
entrar em contato no Email: blymer@xyzmailpro.com
prazo max para o contato 09/05/2023 12:00 ID-424316
(N = NãO)
- N delete arquivos trancados
- N não renomeie os arquivos trancados .zipp3rs
- N não poste esta mensagem em nenhum site
nem denuncie pois podem bloquear este email.
How Can You Protect Your System from Ransomware Infections Like Zipp3rs?
There are several steps you can take to protect your system from ransomware infections like Zipp3rs:
- Install and regularly update reliable antivirus software: Antivirus software can help identify and remove known ransomware threats.
- Keep your operating system and software up to date: Software updates often include security patches that address vulnerabilities that can be exploited by ransomware.
- Be cautious when opening email attachments and downloading files: Only open attachments and download files from trusted sources, and be wary of unsolicited emails or unexpected attachments.
- Back up your data regularly: In the event of a ransomware attack, having a recent backup of your data can be invaluable. Make sure to store your backups in a secure location and test your backups regularly to ensure they can be restored if needed.
- Use strong, unique passwords: Strong passwords can help prevent unauthorized access to your system and reduce the risk of a ransomware attack.
- Disable macros in Microsoft Office files: Ransomware often uses macros in Office files to infect systems, so disabling macros can help reduce the risk of an attack.