This ransomware is specifically designed to scramble the e-mails of the Zimbra mail servers it attacks. It is known as Zimbra Ransomware and has been reported to be associated with several different ransomware variants that use the very same .CRYPTO file extension. Zimbra Ransomware demands the hefty sum of 3 BTC, which at the time of writing is approximately 640 USD. In addition, the ransomware leaves a ransom note on the encrypted server. Users who have been affected by Zimbra Ransomware should not pay the ransom and should instead focus on removing the threat and restoring the files on the server themselves, using instructions like the ones in this article.
|Short Description|Attacks mail servers and encrypts .msg files, asking for 3 BTC in ransom payoff.|
|Symptoms|Files are encrypted and become inaccessible. A .crypto file extension is added.|
|Distribution Method|Spam Emails, Email Attachments, File Sharing Networks.|
Zimbra Ransomware’s Distribution Methods
Zimbra Ransomware – More Information
The ransomware attacking Zimbra servers targets e-mail message files, for example .msg files. It uses strong encryption and appends its .crypto extension to each file after encrypting it, for example:
The same added file extension is also used by another ransomware infection, a Rakhni variant.
Bleeping Computer researchers report that after encrypting data, Zimbra ransomware also displays a ransom note which shows the public key of the infected computer and the bitcoin address of the cyber-criminals:
Removing Zimbra Ransomware and Restoring Encrypted Files
To remove Zimbra Ransomware effectively, we advise using an advanced anti-malware program, because the virus may have modified different settings of the infected machine.
If you want to restore your files, there are several methods that might work for you, but none of them guarantees successful decryption. One of them is using Kaspersky’s Rakhni decryptor, in case a module from the Rakhni viruses has been used in this ransomware. You may find more information regarding removal and file restoration in the instructions below.
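Before any restoration attempt it helps to know exactly which files were renamed and roughly when. The following Python script is an added example, not part of the original article or of any vendor tool: it inventories files carrying the .crypto extension described above, counts .msg files that are still intact, and reports the modification-time window of the encrypted files so a backup from before that window can be chosen. The directory to scan is passed on the command line, and the function names are assumptions made for illustration.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

SUFFIX = ".crypto"  # extension the article says is appended after encryption


def inventory_encrypted(root):
    """Summarise files under root whose names end in .crypto."""
    by_ext = Counter()   # original extension -> count, e.g. ".msg" for "a.msg.crypto"
    hits = []            # (path, mtime) per renamed file
    intact_msg = 0       # .msg files that still carry their original name
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(SUFFIX):
                original = lower[: -len(SUFFIX)]
                by_ext[os.path.splitext(original)[1] or "(none)"] += 1
                try:
                    hits.append((path, os.lstat(path).st_mtime))
                except OSError:
                    hits.append((path, None))  # unreadable entry is still counted
            elif lower.endswith(".msg"):
                intact_msg += 1
    times = [m for _p, m in hits if m is not None]
    return {
        "encrypted": len(hits),
        "by_original_ext": dict(by_ext),
        "intact_msg": intact_msg,
        # Write times of the renamed files approximate when encryption ran.
        "mtime_window": (min(times), max(times)) if times else None,
        "paths": sorted(p for p, _m in hits),
    }


def format_window(window):
    """Render the (earliest, latest) mtime pair as UTC ISO-8601 strings."""
    if window is None:
        return "no encrypted files found"
    return " .. ".join(
        datetime.fromtimestamp(t, tz=timezone.utc).isoformat() for t in window)


if __name__ == "__main__":
    report = inventory_encrypted(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("encrypted files :", report["encrypted"], report["by_original_ext"])
    print("intact .msg     :", report["intact_msg"])
    print("encryption time :", format_window(report["mtime_window"]))
```

Run it read-only against a copy or snapshot of the mail store where possible, since modification times are only an approximation and can be altered by later file operations.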
Manually delete Zimbra Ransomware from your computer
Note! Important notice about the Zimbra Ransomware threat: manual removal of Zimbra Ransomware requires interference with system files and registries, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.