Geeks for your information
Emsisoft releases a free decrypter for ZQ Ransomware - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: Security (https://www.geeks.fyi/forumdisplay.php?fid=68)
+--- Forum: Security Vendors (https://www.geeks.fyi/forumdisplay.php?fid=87)
+---- Forum: EmsiSoft (https://www.geeks.fyi/forumdisplay.php?fid=89)
+----- Forum: Emsisoft Blog Articles (https://www.geeks.fyi/forumdisplay.php?fid=140)
+----- Thread: Emsisoft releases a free decrypter for ZQ Ransomware (/showthread.php?tid=6943)



Emsisoft releases a free decrypter for ZQ Ransomware - harlan4096 - 08 May 19

Quote:
[Image: logo.svg]

Our research team has uncovered a new ransomware campaign we nicknamed ZQ. Its files have the “.[w_decrypt24@qq.com].zq” extension and the ransom note file named “{HELP__DECRYPT}.txt”

Multiple confirmed cases including victims in the United States, India, Poland, Brazil and Great Britain have been reported.

Our security team was quickly able to identify a flaw within the ransomware’s code that can be used to decrypt encrypted files — if you’re a victim of this ransomware, please follow the instructions below and DO NOT PAY the ransom.

Download the ZQ Decrypter Here

Technical details

ZQ is a ransomware that encrypts victim’s files using the Salsa20 and RSA-1024 algorithms, and adds the extension “.[w_decrypt24@qq.com].zq” to files.

The ransom note contains the following text:

Quote:All of _our files are encr_pted* to decr_pt them write me to email::w_decrypt24@qq.com
Your key:
[redacted]

Notes: To use the decrypter, you need an encrypted file and original file to decrypt. In addition, the decrypter can only decrypt up to the size of the given files. E.g., encrypted/original file pair of 100MB = only files UP TO 100MB can be decrypted. More information regarding this limitation is explained in the HOWTO guide.
Continue Reading