I wrote this article to help you remove .zzzzz File Extension Ransomware. This .zzzzz File Extension Ransomware removal guide works for all Windows versions.
Are you familiar with the Locky ransomware? If you are not, you are lucky. But let’s explain. Locky is one of the most dangerous, dreaded and hard-to-tackle file-locking parasites out there. Nowadays we are forced to deal with countless infections, each one more harmful than the one before. And even though more and more threats are being developed every day, the old ones don’t go out of style. Instead, their creators develop newer, better versions of them and continue using them for their malicious purposes.
Locky is one of these old infections which have too many variants to count. Each version also has its own name, such as Locky, Odin, Heimdall, Thor, Norse Gods, Aesir, famous Marvel characters, etc. The infection you are currently dealing with is Locky’s newest version and it was discovered just a couple of days ago. However, it is just as devastating as its relatives. This version does exactly what the majority of ransomware threats do. First, they enter your system undetected. Second, they encrypt all of your files. And third, they extort you for money.
There are many ways in which the ransomware could have gotten into your system. For example, through spam emails that land directly in your regular inbox. Don’t blindly open each message you receive and don’t open its attachment. Such emails are often disguised as job offers or invoices in order to fool you. Don’t be naïve. If you don’t know the person who sent it to you, you’d better delete it. Infections also get spread via Exploit Kits, freeware/shareware bundles, corrupted links/pages/ads/torrents, and bogus program updates. And last but not least, the ransomware could have used the help of a Trojan to get in, so we recommend you scan your machine for more malware. A reliable anti-malware program could really help you in that task as well as prevent such attacks in the future. Get one, keep it up to date and perform regular scans on your computer to be sure it is clean.
After finding a way to enter, the ransomware proceeds with step two – the encryption process. For it, it uses the RSA-2048 and AES-128 encryption algorithms and locks all of your important files. This includes pictures, videos, music, Word documents, work-related files, etc. When the locking process is complete, all these files become inaccessible to you. Your PC is unable to recognize them due to the changes the ransomware made to them. It modified their formats and added the malicious “[8_random_characters]-[4_random_characters]-[4_random_characters]-[4_random_characters]-[12_random_characters].zzzzz” extension to each one of them. Seeing this extension means that you cannot see/open/watch/listen to any of the encrypted files. The ransomware turned them into unusable empty icons.
You now see why ransomware is considered the worst possible cyber infection. Needless to say, there might be some extremely important files among the locked ones. Such a situation can make you panic really quickly. And that’s the ransomware’s goal: to scare you, to make you nervous, because this will help it in its next step. The most important step and also the reason it was created in the first place.
We are talking about the blackmailing process. See, while locking your precious data the ransomware creates a ransom note with payment instructions, and when the encryption has finished, it displays this note to you. The note is dropped as INSTRUCTION.html, _[2_digit_number]INSTRUCTION.html and INSTRUCTION.bmp files and it reads:
$|$+$**
|+__.-
!!! IMPORTANT INFORMATION !!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about RSA and AES can be found here:
hxxp://en.wikipedia.org/wiki/RSA (cryptosystem)
hxxp://en.wikipedia.org/wiki/Advanced Encryption Standard
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: hxxp://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar:
4. Follow the instructions on the site.
_$+=$.$-*$$$
+*-++|| *==_*-a-
__+$|+++-$-.+
As you can see, the ransomware’s main goal is your money. It has been created to get to your bank account. That’s why it encrypted your data and that’s why it wants you to panic. This has been its purpose all along. According to the note, the only way of recovering your lost data is obtaining the decryption tool by paying the ransom amount. As this version is brand new, the actual ransom sum is not yet known. However, ransomware usually asks for 1 to 3 Bitcoins which equals $730 – $2100. But money doesn’t matter here. You shouldn’t pay even if the sum was 1 cent. Why? Because it is all a scam.
How do you know that crooks will keep their end of the deal and send you a working decryptor? You cannot be sure, and in most cases they don’t send anything. They just take your money and your files remain locked. Don’t make deals with cybercriminals. The chances are you will end up with no money and no files. And not only that. The money you have paid will go directly to other malware creation. Is supporting the crooks’ business what you want? We highly doubt it. Not to mention that by paying, you open a door which should never be opened. The door to your private life. Don’t let crooks anywhere near you. Don’t pay them, don’t contact them, and don’t let them win.
Luckily, we have provided a removal guide below which will not only help you remove the ransomware from your system but it will also help you retrieve all of your lost data. And you don’t have to pay a cent. All you have to do is to strictly follow the steps.
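Before starting the recovery methods, it helps to know which folders were hit. The following is an added example (not part of the original guide or of any vendor tool) that inventories paths by the file-name formats described above; the letters-and-digits character class for the "random characters", the function names and the sample paths are assumptions of this example.

```python
import os
import re
from pathlib import PureWindowsPath

# Name format quoted in the article: [8]-[4]-[4]-[4]-[12].zzzzz.
# The article only says "random characters"; letters and digits are assumed.
ENCRYPTED_RE = re.compile(
    r"[0-9a-z]{8}(?:-[0-9a-z]{4}){3}-[0-9a-z]{12}\.zzzzz", re.IGNORECASE)
# Note names as listed in the article (INSTRUCTION.html/.bmp, _NNINSTRUCTION.html).
NOTE_RE = re.compile(r"(?:_\d{2})?INSTRUCTION\.(?:html|bmp)", re.IGNORECASE)

def classify(path):
    """Label one path by file name only; file contents are never read."""
    name = PureWindowsPath(path).name
    if ENCRYPTED_RE.fullmatch(name):
        return "encrypted"
    if NOTE_RE.fullmatch(name):
        return "ransom_note"
    if name.lower().endswith(".zzzzz"):
        return "unmatched_zzzzz"  # right extension, wrong name shape: review by hand
    return "other"

def inventory(paths):
    """Per-folder counts, so you know which folders to restore from a copy."""
    report = {}
    for p in paths:
        folder = str(PureWindowsPath(p).parent)
        counts = report.setdefault(folder, {"encrypted": 0, "ransom_note": 0,
                                            "unmatched_zzzzz": 0, "other": 0})
        counts[classify(p)] += 1
    return report

def scan(root):
    """Read-only walk of a real directory tree, e.g. scan('C:/Users')."""
    return inventory(os.path.join(d, f)
                     for d, _, files in os.walk(root) for f in files)

# Constructed sample paths (not taken from a real infection).
SAMPLE = [
    r"C:\Users\demo\Documents\A1B2C3D4-E5F6-0718-293A-4B5C6D7E8F90.zzzzz",
    r"C:\Users\demo\Documents\_07INSTRUCTION.html",
    r"C:\Users\demo\Documents\budget.xlsx",
    r"C:\Users\demo\Pictures\0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0.zzzzz",
    r"C:\Users\demo\Pictures\INSTRUCTION.bmp",
    r"C:\Users\demo\Pictures\notes.zzzzz",
]

if __name__ == "__main__":
    for folder, counts in inventory(SAMPLE).items():
        print(folder, counts)
```

Folders with a high "encrypted" count and a zero "other" count are the ones to prioritise when exporting from shadow copies.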
.zzzzz File Extension Ransomware Uninstall
Method 1: Restore your encrypted files using ShadowExplorer
Usually, .zzzzz File Extension Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose a date at least a month ago from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next”
- Choose a restore point from at least a month ago
- Click “Next”
- Choose Disk C: (should be selected by default)
- Click “Next”. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above methods work, you should try to recover the encrypted files by using File Recovery Software. Since .zzzzz File Extension Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using File Recovery Software. Here are a few free File Recovery Software programs: