
Snzh.7z Apr 2026

Creates a file named !!!_How_to_Decrypt_Files_!!!.txt or ReadMe.html in affected folders [4, 5].

Scans the local network for SMB shares to encrypt mapped and unmapped network drives [5].

Disconnect infected machines from the network immediately to prevent further spread [4].

Uses vssadmin.exe to delete Volume Shadow Copies, making local recovery without a backup impossible [2, 4].

The file is an archive associated with the Snzh (Snooze) ransomware, a variant of the MedusaLocker ransomware family [1, 3]. It typically contains the ransomware payload or tools used by attackers to facilitate the encryption of local and network drives [2, 5].

Malware Analysis: Snzh Ransomware

Malware Family: MedusaLocker (Variant: Snzh/Snooze) [1].

Keep all software and operating systems updated to patch vulnerabilities used for initial access [4].

Modifies the Windows Registry to ensure the ransomware runs on system startup [2].
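
A triage sketch for two of the behaviors listed above: shadow-copy deletion through vssadmin.exe and the ransom-note file names. This is an added example, not code from the page or from any vendor tool. The event schema (type, host, image, cmdline, path), the two-folder threshold and the isolate flag are assumptions made for illustration, and the sample events are constructed.

```python
import ntpath
import re
from collections import defaultdict

# Ransom-note names as given on the page, compared case-insensitively.
NOTE_NAMES = {"!!!_how_to_decrypt_files_!!!.txt", "readme.html"}
# vssadmin asked to delete shadow copies; any options may follow.
VSS_DELETE = re.compile(r"\bdelete\s+shadows\b", re.IGNORECASE)

def is_shadow_delete(ev):
    """True for a process-creation event running vssadmin.exe to delete shadow copies."""
    if ev.get("type") != "process_create":
        return False
    image = ntpath.basename(ev.get("image", "")).lower()
    return image == "vssadmin.exe" and bool(VSS_DELETE.search(ev.get("cmdline", "")))

def note_folder(ev):
    """Folder of a newly created ransom note, or None for any other event."""
    if ev.get("type") != "file_create":
        return None
    folder, name = ntpath.split(ev.get("path", ""))
    return folder.lower() if name.lower() in NOTE_NAMES else None

def triage(events, min_folders=2):
    """Map host -> findings. ReadMe.html is a common benign name, so notes
    count only once they appear in at least min_folders distinct folders."""
    shadow, folders = defaultdict(int), defaultdict(set)
    for ev in events:
        if is_shadow_delete(ev):
            shadow[ev["host"]] += 1
        folder = note_folder(ev)
        if folder is not None:
            folders[ev["host"]].add(folder)
    report = {}
    for host in sorted(set(shadow) | set(folders)):
        notes = len(folders[host]) if len(folders[host]) >= min_folders else 0
        if shadow[host] or notes:
            # Both signals on one host: candidate for immediate network isolation.
            report[host] = {"shadow_delete": shadow[host], "note_folders": notes,
                            "isolate": bool(shadow[host] and notes)}
    return report

# Constructed sample events (hypothetical schema, not from a real incident).
SAMPLE = [
    {"type": "process_create", "host": "WS01", "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "file_create", "host": "WS01", "path": r"C:\Users\a\Documents\!!!_How_to_Decrypt_Files_!!!.txt"},
    {"type": "file_create", "host": "WS01", "path": r"C:\Users\a\Desktop\ReadMe.html"},
    {"type": "process_create", "host": "WS02", "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin list shadows"},
    {"type": "file_create", "host": "WS02", "path": r"C:\inetpub\wwwroot\ReadMe.html"},
    {"type": "process_create", "host": "WS03", "image": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin Delete Shadows /For=C:"},
]
```

On the sample, WS01 shows both signals and is flagged for isolation, WS03 is reported for shadow-copy deletion alone, and WS02 (a listing command and a single ReadMe.html) is not reported.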
