
'sqqsdr01@keemail.me' Ransomware

Posted: August 21, 2018

The 'sqqsdr01@keemail.me' Ransomware is a file-locking Trojan that's an update of Creeper or the Cripper Ransomware. Like its older version, the 'sqqsdr01@keemail.me' Ransomware may block the user's files by encrypting them with an AES-based algorithm before asking for Monero cryptocurrency payments in its text note. There is no free decryption service for this threat, and all users should be diligent about backing up their files and running anti-malware programs that could delete the 'sqqsdr01@keemail.me' Ransomware as quickly and safely as possible.

A Trojan Creeps upon Your Files with New Extensions

A file-locker Trojan whose attacks began in earnest around February of 2018 is switching some of its symptoms, which, based on its past behavior, may be an effort at confusing researchers in the AV community. The 'sqqsdr01@keemail.me' Ransomware, which is almost identical to the past variants of the Creeper Ransomware and the Cripper Ransomware, changes its extension and e-mail address but otherwise continues the same attack: blocking files with AES encryption.

The 'sqqsdr01@keemail.me' Ransomware uses AES-256 in CBC mode, with an additional data-salting step, to encode every file that it targets for locking, which keeps them from opening. Although most of the 'captured' file's original name remains intact, the Trojan appends a '.crypton' extension instead of the 'creeper' or 'cripper' tags of previous versions. Somewhat significantly, malware experts also saw cases of the 'sqqsdr01@keemail.me' Ransomware using a freeware application for 'cleaning' free space, which could impede any emergency data-recovery tools.
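As an added triage aid (example code written for this page, not anything from the article or the Trojan's author), the following Python scanner lists files carrying the '.crypton' extension described above and uses byte entropy as a rough check that their contents really are ciphertext rather than merely renamed plaintext; the 7.5 bits/byte threshold and the 4 KiB sample size are assumptions.

```python
import math
import os
from collections import Counter
from pathlib import Path

CRYPTON_EXT = ".crypton"   # extension this variant appends, per the article
HIGH_ENTROPY = 7.5         # assumed threshold in bits/byte; AES-CBC output sits near 8.0
SAMPLE_BYTES = 4096        # assumed: only the file head is read for speed


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(name: str, head: bytes) -> dict:
    """Describe one file from its name and the first bytes of its content.

    `renamed` says whether the file carries the '.crypton' tag; `likely_encrypted`
    says whether its content looks like ciphertext (high entropy), so that a file
    that was only renamed, or a decoy, is not mistaken for a locked one.
    """
    renamed = name.endswith(CRYPTON_EXT)
    original = name[: -len(CRYPTON_EXT)] if renamed else name
    ent = shannon_entropy(head)
    return {
        "name": name,
        "original_name": original,
        "renamed": renamed,
        "entropy": round(ent, 2),
        "likely_encrypted": ent >= HIGH_ENTROPY,
    }


def scan_tree(root: str) -> list[dict]:
    """Walk `root` and return a finding for every file named *.crypton."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.endswith(CRYPTON_EXT):
                continue
            path = Path(dirpath) / fname
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            finding = classify(fname, head)
            finding["path"] = str(path)
            findings.append(finding)
    return findings
```

Run `scan_tree` against a suspect share or user profile; findings with `renamed` set but `likely_encrypted` false deserve a second look before any restoration is attempted.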

Somewhat similar to the Hidden Tear or the Scarab Ransomware families, the 'sqqsdr01@keemail.me' Ransomware also creates ransoming messages in a Notepad format, although these instructions don't display until after the above attack's completion. Its author provides a Monero-based ransom demand and a timetable, with a hard limit of six days for paying before the file-unlocking key's deletion. Using a cryptocurrency serves both to protect the threat actor's identity and to thwart any attempt at a refund by the victim.

Closing Your Borders against Trojan Attacks

Interestingly, although the 'sqqsdr01@keemail.me' Ransomware uses English-based ransoming instructions exclusively, all reported victims that malware analysts can confirm are residents of Russia and adjacent regions. More details are needed to determine how the campaign is spreading; it could be using any of several techniques, such as torrents, exploit kits on hostile websites, or brute-force attacks. Spam e-mails also are a very commonly used infection vector for file-locking Trojans of many families.

There is no public or free decryption option for the files that the 'sqqsdr01@keemail.me' Ransomware blocks, which is equally true of many other file-locking Trojans. Saving your backups to other devices, including both network-based storage and a detachable device, always is preferable for keeping any media of value from being damaged permanently. Strong anti-malware programs also may delete the 'sqqsdr01@keemail.me' Ransomware proactively or, at a minimum, disinfect the PC and keep further encryption from happening.

The 'sqqsdr01@keemail.me' Ransomware and its ancestors, together, make up a much more compact family than those of most of the Trojans that malware researchers see. It may be less likely to infect your PC than 'big name' players in the industry, such as the Globe Ransomware, but the 'sqqsdr01@keemail.me' Ransomware's encryption is no less of a danger to what you save on your computer.
