Zimbra Ransomware Reported to Attack Zimbra Mail Servers - How to, Technology and PC Security Forum | SensorsTechForum.com

Zimbra Ransomware Reported to Attack Zimbra Mail Servers

A ransomware strain specifically designed to scramble the e-mails of the Zimbra mail servers it attacks has been reported. It is known as Zimbra Ransomware and has been reported to be associated with several different ransomware variants which use the very same .CRYPTO file extension. Zimbra Ransomware demands the hefty sum of 3 BTC, which at the time of writing is approximately 640 USD. In addition, the ransomware leaves a ransom note on the encrypted server. Users affected by Zimbra Ransomware should not pay the ransom and should instead focus on attempting removal and file restoration from the server themselves, using instructions like the ones in this article.

Threat Summary

Name: Zimbra Ransomware
Short Description: Attacks mail servers and encrypts .msg files, asking for 3 BTC in ransom payoff.
Symptoms: Files are encrypted and become inaccessible. A .crypto file extension is added.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

Zimbra Ransomware’s Distribution Methods

To spread widely and infect servers, the ransomware may be distributed in a rather clever way, using obfuscators to get past defenses. In addition, the ransomware may not spread directly but take a more indirect approach: an exploit kit, JavaScript or a Trojan tailor-made for the targeted server may be used to download the malware’s files onto the infected server.

Zimbra Ransomware – More Information

The ransomware attacking Zimbra servers targets e-mail message files, for example .msg files. It uses strong encryption and adds its .crypto extension to each file after encrypting it, for example:


This type of added file extension is also present in another ransomware infection, a Rakhni variant.
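To scope the damage on an affected mail store, the following script inventories files carrying the .crypto extension described above. It is an added example, not part of the original article; it assumes the extension is appended to the original file name and that the malware did not alter file timestamps, and the sample tree it builds is constructed.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".crypto"   # extension named in the article (also written .CRYPTO)
TARGET_EXT = ".msg"         # message files the article says are targeted

def triage(store_root):
    """Walk a mail store and summarise files that carry the .crypto extension."""
    hits, per_dir, earliest = [], Counter(), None
    for dirpath, _dirs, files in os.walk(store_root):
        names = set(files)
        for name in files:
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            original = name[: -len(ENCRYPTED_EXT)]  # assumed original file name
            path = os.path.join(dirpath, name)
            mtime = os.stat(path).st_mtime
            hits.append({
                "path": path,
                "was_message": original.lower().endswith(TARGET_EXT),
                # True if an unencrypted copy still sits beside the encrypted one
                "original_present": original in names,
                "mtime": mtime,
            })
            per_dir[dirpath] += 1
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {"hits": hits, "per_dir": per_dir, "earliest_mtime": earliest}

def build_sample_store(root):
    """Constructed sample tree standing in for a mail store (not real data)."""
    layout = {
        "0/1/msg": ["257-1.msg.crypto", "258-2.msg.CRYPTO", "259-3.msg"],
        "0/2/msg": ["300-9.msg", "300-9.msg.crypto"],
    }
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub))
        for i, f in enumerate(files):
            p = os.path.join(root, sub, f)
            open(p, "wb").close()
            os.utime(p, (1_466_000_000 + i, 1_466_000_000 + i))  # constructed times
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample_store(tmp))
        print(len(report["hits"]), "encrypted files, earliest mtime", report["earliest_mtime"])
        for d, n in sorted(report["per_dir"].items()):
            print(f"{n:5d}  {d}")
```

The earliest modification time gives a lower bound for choosing a backup taken before encryption began, and the per-directory counts show which mailboxes were reached.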

Bleeping Computer researchers report that after encrypting data, Zimbra ransomware also displays a ransom note which shows the public key of the infected computer and the bitcoin address of the cyber-criminals:

“Hello, If you want to unsafe your files you should send 3 btc to {key address for bitcoin} and an email to [email protected] with:

Removing Zimbra Ransomware and Restoring Encrypted Files

To remove Zimbra Ransomware effectively, we advise using an advanced anti-malware program, because the virus may have modified different settings of the infected machine.

If you want to restore your files, there are several methods that might work for you, although none of them guarantees successful decryption. One of them is using Kaspersky’s Rakhni decryptor, in case a module from the Rakhni viruses has been used in this ransomware. You may find more information regarding removal and file restoration in the instructions below.

Manually delete Zimbra Ransomware from your computer

Note! Important notice about the Zimbra Ransomware threat: manual removal of Zimbra Ransomware requires interference with system files and registries, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove Zimbra Ransomware files and objects
2. Find malicious files created by Zimbra Ransomware on your PC
3. Fix registry entries created by Zimbra Ransomware on your PC

Automatically remove Zimbra Ransomware by downloading an advanced anti-malware program

1. Remove Zimbra Ransomware with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Zimbra Ransomware in the future
3. Restore files encrypted by Zimbra Ransomware
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
