
Zimbra Ransomware Reported to Attack Zimbra Mail Servers

A ransomware specifically designed to scramble the e-mails of the Zimbra mail servers it attacks has been reported. It is known as Zimbra Ransomware and has been reported to be associated with several different ransomware variants which use the very same .CRYPTO file extension. Zimbra Ransomware demands the hefty sum of 3 BTC, which at the time of writing is approximately 640 USD. In addition, the ransomware leaves a ransom note on the encrypted server. Users affected by Zimbra Ransomware should not pay the ransom and should instead focus on attempting removal and file restoration from the server themselves, using instructions like the ones in this article.

Threat Summary

Name: Zimbra Ransomware
Type: Ransomware
Short Description: Attacks mail servers and encrypts .msg files, asking for 3 BTC in ransom payoff.
Symptoms: Files are encrypted and become inaccessible. A .crypto file extension is added.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

Zimbra Ransomware’s Distribution Methods

To spread widely and infect servers, the ransomware may be distributed in a rather clever way, using obfuscators to get past defenses. It may also not be delivered directly but take an indirect route: an exploit kit, JavaScript, or a Trojan tailor-made for the targeted server may be used to download the malware's files onto the infected server.

Zimbra Ransomware – More Information

The ransomware attacking Zimbra servers targets files that are e-mail message types, for example .msg files. It encrypts them with strong encryption and then appends its .crypto extension to the file name, for example:

e-mail_message_file.msg.crypto

The same added file extension is also used by another ransomware infection, a Rakhni variant.

Bleeping Computer researchers report that after encrypting data, Zimbra ransomware also displays a ransom note which shows the public key of the infected computer and the bitcoin address of the cyber-criminals:

“Hello, If you want to unsafe your files you should send 3 btc to {key address for bitcoin} and an email to mpritsken@priest.com with:
-----BEGIN PUBLIC KEY-----
{PUBLIC KEY HERE}
-----END PUBLIC KEY-----”
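
The two indicators described above (the appended .crypto extension and a note that combines a BTC demand with a public-key block) are enough to scope the damage on a mail store without modifying anything. The following is an added example, not code from the original article or from Zimbra; the directory layout, the sample file names, the size limit for notes and the use of modification times to estimate when encryption began are assumptions.

```python
import os
import re
import tempfile

ENCRYPTED_SUFFIX = ".crypto"  # appended to encrypted files, per the article
# Markers from the quoted note; its file name is not given, so match on content.
NOTE_MARKERS = (re.compile(rb"BEGIN PUBLIC KEY"), re.compile(rb"\bbtc\b", re.I))
MAX_NOTE_BYTES = 64 * 1024    # assumption: a ransom note is a small text file

def looks_like_note(path):  # True if a small file holds every note marker
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_NOTE_BYTES + 1)  # bounded read of large blobs
    except OSError:
        return False  # unreadable or vanished file: skip it, keep scanning
    return len(data) <= MAX_NOTE_BYTES and all(p.search(data) for p in NOTE_MARKERS)

def triage(root):  # read-only walk; nothing is modified or deleted
    rep = {"encrypted": [], "intact": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full, low = os.path.join(dirpath, name), name.lower()
            if low.endswith(ENCRYPTED_SUFFIX):
                rep["encrypted"].append(full)
            elif low.endswith(".msg"):
                rep["intact"].append(full)
            elif looks_like_note(full):
                rep["notes"].append(full)
    # Assumption: the earliest mtime approximates when encryption began.
    rep["first_encrypted"] = min(map(os.path.getmtime, rep["encrypted"]), default=None)
    return rep

def make_sample(root):  # constructed sample tree, not real data
    os.makedirs(os.path.join(root, "0", "1"))
    for rel, body, mtime in [
        ("0/1/100-1.msg.crypto", b"\x8f\x02\xaa", 1466000300),
        ("0/1/101-2.msg.crypto", b"\x11\x9c\x40", 1466000100),
        ("0/1/102-3.msg", b"Subject: hi\r\n\r\nbody", 1465000000),
        ("note.txt", b"send 3 btc\n-----BEGIN PUBLIC KEY-----\nAAAA\n", 1466000400),
    ]:
        path = os.path.join(root, *rel.split("/"))
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(triage(tmp))
```

The `first_encrypted` timestamp helps pick a backup that predates the attack, and the ratio of encrypted to intact messages shows how far the encryption got.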

Removing Zimbra Ransomware and Restoring Encrypted Files

To remove Zimbra Ransomware effectively, we advise using an advanced anti-malware program, because the virus may have modified different settings of the infected machine.

If you want to restore your files, there are several methods that might work for you, but they are no guarantee of successful decryption. One of them is using Kaspersky’s Rakhni decryptor, in case a module from the Rakhni viruses has been used in this ransomware. You may find more information regarding removal and file restoration in the instructions below.

Manually delete Zimbra Ransomware from your computer

Note! Manual removal of Zimbra Ransomware requires interference with system files and registries, and can therefore damage your PC. Even if your computer skills are not at a professional level, don’t worry: you can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove Zimbra Ransomware files and objects
2. Find malicious files created by Zimbra Ransomware on your PC
3. Fix registry entries created by Zimbra Ransomware on your PC

Automatically remove Zimbra Ransomware by downloading an advanced anti-malware program

1. Remove Zimbra Ransomware with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Zimbra Ransomware in the future
3. Restore files encrypted by Zimbra Ransomware
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
