Well, now it begins... I wonder if some AV vendors are finding their statements that TrojanZipperPOC and Ransominator are not realistic a bit ironic.
I sincerely hope that this evolved organically and that our attempts to demonstrate a common behavior-blocker weakness did not inspire real malware writers.
Unfortunately, very few AVs correctly identify this kind of attack, because most behavior blockers only look at the offending process (7-Zip in this case) and consider it trusted/whitelisted, rather than the whole chain of events that led to 7-Zip being started, or what exactly 7-Zip was told to do.
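To illustrate the difference between trusting the image name and evaluating the launch context, here is an added example (not code from the original post or from either PoC) that scores a 7-Zip process-creation event by its parent chain and command line. The events, the ancestor list and the scoring thresholds are constructed assumptions; `-p` (archive password) and `-sdel` (delete source files after archiving) are real 7-Zip switches.

```python
"""Constructed Sysmon-style process-creation records (not real telemetry).
pid 400 is 7-Zip launched from a macro-enabled document via cmd.exe to
password-archive and delete a user's files; pid 500 is a benign backup."""
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "winword.exe",  "cmdline": "winword.exe invoice.docm"},
    {"pid": 300, "ppid": 200, "image": "cmd.exe",      "cmdline": "cmd.exe /c dropper.bat"},
    {"pid": 400, "ppid": 300, "image": "7z.exe",
     "cmdline": "7z.exe a -pSecret -sdel -r C:\\Users\\alice\\locked.7z C:\\Users\\alice\\Documents\\*"},
    {"pid": 500, "ppid": 100, "image": "7z.exe",
     "cmdline": "7z.exe a backup.7z C:\\Users\\alice\\Documents\\*"},
]

ARCHIVERS = {"7z.exe", "7za.exe"}
# Assumed list of ancestors that should not normally be spawning an archiver.
UNTRUSTED_ANCESTORS = {"winword.exe", "excel.exe", "wscript.exe", "powershell.exe", "cmd.exe"}


def parent_chain(events, pid):
    """Walk ppid links upward and return the ancestor image names, nearest first."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return chain


def evaluate(events, pid):
    """Return (score, reasons) for an archiver launch; 0 means nothing suspicious.
    The point is that 7z.exe being whitelisted is never consulted: only the
    arguments it was given and the chain that started it matter."""
    event = {e["pid"]: e for e in events}[pid]
    if event["image"].lower() not in ARCHIVERS:
        return 0, []
    reasons = []
    args = event["cmdline"].lower().split()
    if any(a.startswith("-p") for a in args):
        reasons.append("password-protected archive (-p)")
    if "-sdel" in args:
        reasons.append("source files deleted after archiving (-sdel)")
    suspicious = [a for a in parent_chain(events, event["ppid"]) if a in UNTRUSTED_ANCESTORS]
    if suspicious:
        reasons.append("launched via " + " <- ".join(suspicious))
    return len(reasons), reasons


def verdict(events, pid, threshold=2):
    """Assumed policy: block when at least `threshold` indicators fire together."""
    score, _ = evaluate(events, pid)
    return "block" if score >= threshold else "allow"
```

Running `verdict(SAMPLE_EVENTS, 400)` yields "block" while the benign backup (pid 500) is allowed, even though both are the same whitelisted binary.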