How to delete Zaps ransomware

How to delete Zaps ransomware

Zaps ransomware is the most recent file-encrypting malware from the Djvu/STOP ransomware family. The Djvu gang has released hundreds of ransomware versions, all of which can be differentiated by the extensions they add to encrypted files. This particular ransomware adds .zaps, hence why it’s called Zaps ransomware. It’s a serious malware infection that encrypts files, and currently, it’s not possible to decrypt them for free. Only if there is a backup available will it be possible to recover files.


Zaps ransomware is essentially identical to Irjg, Nqsq, Tisc, and Rigd ransomware, as they all come from the same STOP/Djvu malware family. There are hundreds of versions, all more or less the same. They can be differenced by the extensions they add to encrypted files. This particular ransomware adds .zaps. For example, image.jpg would become image.jpg.zaps. All your personal files will have this extension because ransomware usually targets photos, videos, images, documents, etc.

As soon as the ransomware is done encrypting, a _readme.txt ransom note will be dropped in all folders containing encrypted files. As is explained in the note, files have been encrypted and need to be run through a decryptor to recover them. The decryptor is being sold for $980, or $490 if contact is made within the first 72 hours. Paying may seem like a good option for those without backup but it’s quite risky. While whether you pay the ransom is your decision, you should be aware of the risks. The biggest reason for advising against paying the ransom is that there are no guarantees that a decryptor will be sent. Remember that you are dealing with cybercriminals, and they are unlikely to feel an obligation to help. Unfortunately, many victims have paid in the past but received nothing in return.

You will not have any issues with recovering files if you have a backup. You can start file recovery as soon as you delete Zaps ransomware from your computer. However, you need to make sure that the ransomware is fully gone before accessing your backup because otherwise, those files would become encrypted as well.

The situation is more complicated if you haven’t backed up files prior to the ransomware infection. What you can do is back up encrypted files and wait for a free decryptor to become available. While it may not be available at the moment, it could get released sometime in the future. There is a free Djvu/STOP decryptor developed by Emsisoft but it will only work on versions released before 2019, which, unfortunately, includes Zaps ransomware. Check NoMoreRansom for a free decryptor from time to time.

Ransomware distribution methods

Ransomware mostly infects computers of users with bad browsing habits, which include opening unsolicited email attachments, clicking on ads when browsing high-risk websites, pirating through torrents, falling for fake virus alerts, etc. If you want to avoid malware infections in the future, you need to develop better browsing habits.

Malicious email attachments are one of the most common ways ransomware infects computers. Malicious actors purchase thousands of email addresses, write up a semi-legitimate email, attach a malicious file, and send it out. As long as the malware files remain unopened, the emails are harmless. However, the moment the file is opened, the malware can initiate. To avoid opening these emails, it’s important to learn how to recognize malicious emails. Fortunately, cybercriminals and scammers make it quite easy to differentiate between legitimate and malicious emails. For example, the emails are full of grammar/spelling mistakes. Senders pretend to be contacting users as representatives from a legitimate company whose services users use but their emails contain loads of grammar mistakes. Generally, grammar mistakes are viewed as unprofessional, thus official emails will rarely have them. Another sign that an email may be malicious is if you are addressed in generic terms like “User”, “Member”, “Customer”, etc. If a company whose services you use sends you an email, your name will always be used to address you. Otherwise, it would look unprofessional. Malicious emails can also be more sophisticated, though it’s usually reserved for specific targets. Therefore, as a precaution, we recommend scanning all unsolicited email attachments with anti-virus software or VirusTotal before opening them, just as a precaution.

Torrent platforms are a great way to spread malware because they are badly moderated, and cybercriminals can easily upload malicious content disguised as a torrent. Malicious software is often found in torrents for movies, video games, TV series, software, etc. It’s especially common for recently-released popular content torrents to contain torrents. For example, torrents for the widely popular TV series Squid Game probably contain a lot of malware. You are likely already aware of this but downloading copyrighted content for free via torrents is not only essentially stealing content, but it’s also dangerous for the computer.

Another way users end up with malware is by clicking on ads and downloading whatever is hidden behind the ad, aka malware. It’s especially dangerous to interact with ads on high-risk websites, such as those that have pornography or pirated content. We also recommend installing an adblocker to block the potentially dangerous ads.

Zaps ransomware removal

Ransomware is one of the more complex malware infections, hence why it’s not recommended to delete Zaps ransomware manually. This could lead to even more damage to the computer, or the ransomware could be removed incorrectly. If you have backup and you access it while the ransomware is still present, those backed-up files would become encrypted as well. It’s highly recommended to use anti-malware software to remove Zaps ransomware, and only then access your backup.

Unfortunately, if you don’t have a backup, your options are very limited. The only option is to wait for a free decryptor, which may or may not be released in the future. Nonetheless, we recommend backing up the files and waiting for a free decryptor. It should also be mentioned that there are a lot of fake decryptors out there and downloading them could lead to more malware infections. When looking for free decryptors, only trust legitimate sources like NoMoreRansom.

Site Disclaimer is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.

The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.

Leave a comment

Your email address will not be published.