Emsisoft releases a free decrypter for ZQ Ransomware - harlan4096 - 08 May 19
Quote:
Our research team has uncovered a new ransomware campaign we nicknamed ZQ. Its files have the “.[w_decrypt24@qq.com].zq” extension and the ransom note file named “{HELP__DECRYPT}.txt”
Multiple confirmed cases including victims in the United States, India, Poland, Brazil and Great Britain have been reported.
Our security team was quickly able to identify a flaw within the ransomware’s code that can be used to decrypt encrypted files — if you’re a victim of this ransomware, please follow the instructions below and DO NOT PAY the ransom.
Download the ZQ Decrypter Here
Technical details
ZQ is a ransomware that encrypts victim’s files using the Salsa20 and RSA-1024 algorithms, and adds the extension “.[w_decrypt24@qq.com].zq” to files.
The ransom note contains the following text:
Quote:All of _our files are encr_pted* to decr_pt them write me to email::w_decrypt24@qq.com
Your key:
[redacted]
Notes: To use the decrypter, you need an encrypted file and original file to decrypt. In addition, the decrypter can only decrypt up to the size of the given files. E.g., encrypted/original file pair of 100MB = only files UP TO 100MB can be decrypted. More information regarding this limitation is explained in the HOWTO guide.
Continue Reading
|