Posts: 13,803
Threads: 9,250
Thanks Received: 8,903 in 7,079 posts
Thanks Given: 9,584
Joined: 12 September 18
08 May 19, 16:45
Quote:
Our research team has uncovered a new ransomware campaign we nicknamed ZQ. Its files have the “.[w_decrypt24@qq.com].zq” extension and the ransom note file named “{HELP__DECRYPT}.txt”
Multiple confirmed cases including victims in the United States, India, Poland, Brazil and Great Britain have been reported.
Our security team was quickly able to identify a flaw within the ransomware’s code that can be used to decrypt encrypted files — if you’re a victim of this ransomware, please follow the instructions below and DO NOT PAY the ransom.
Download the ZQ Decrypter Here
Technical details
ZQ is a ransomware that encrypts victim’s files using the Salsa20 and RSA-1024 algorithms, and adds the extension “.[w_decrypt24@qq.com].zq” to files.
The ransom note contains the following text:
Quote:All of _our files are encr_pted* to decr_pt them write me to email::w_decrypt24@qq.com
Your key:
[redacted]
Notes: To use the decrypter, you need an encrypted file and original file to decrypt. In addition, the decrypter can only decrypt up to the size of the given files. E.g., encrypted/original file pair of 100MB = only files UP TO 100MB can be decrypted. More information regarding this limitation is explained in the HOWTO guide.
Continue Reading
Emsisoft releases a free decrypter for ZQ Ransomware
![[Image: logo.svg]](https://static.emsisoft.com/images/layout/logo.svg){kind=logo}
![[-]](https://www.geeks.fyi/images/collapse.png)
