Eq Ransomware

The Eq Ransomware is a file-locker Trojan and a possible variant of the Globe Imposter Ransomware's family. It can lock files in varying locations with an encryption-based feature that converts documents and similar media into temporarily unreadable data. Free decryption tools may provide alternate restoration options for the victims who don't back up their work as recommended, and most anti-malware programs should remove the Eq Ransomware with little trouble.

Trojans Adding Vulgarity to Their Extortion

The Globe Imposter Ransomware, a family that makes its name off of creating symptoms that resemble those of the much more polished Globe Ransomwar RaaS operation, may have a new child for the end of the year. While malware analysts have yet to confirm the connection beyond all dispute, the Eq Ransomware's payload is heavily reminiscent of other versions of the Globe Imposter Ransomware, including the '.Gif File Extension' Ransomware, the SuddenTax Ransomware, the Kimchenyn Ransomware and the ABC Ransomware. All current builds of the Eq Ransomware's software are in an early stage and unsuitable for distributing to victims.

The Eq Ransomware's most notable mark of in-development status is the CMD window it generates while it runs, which gives away its presence to the user immediately. Otherwise, its attacks are in keeping with other versions of the Globe Imposter Ransomware, and including encrypting media (which malware experts observe targeting different locations, such as the desktop or a 'test' directory), adding 'fuck' extensions to those files, and deleting the Windows Shadow Volume Copies. The last attack is important for preventing the users from recovering by using the operating system's restore point, instead of a manual backup.

Whichever location the Eq Ransomware uses for its encrypting purposes will, also, have a new HTML page with the file-locking Trojan's ransoming directions. The only relevant information that this text gives to the victims is an e-mail address and an ID, with which they are expected to buy a decryptor from the threat actor. Although the users should avoid this high-risk solution for restoring their data if it's at all possible, malware experts don't discourage using the free sample, which could provide useful data for cyber-security researchers.

What to Do about Twitchy Trojans

The Eq Ransomware's executable is using a Twitch-themed executable that may be part of its intended distribution exploits, and users should remember that unofficial sources of freeware, torrents especially, can endanger their PCs with mislabeled and corrupted files. The full release version of the Eq Ransomware should no longer generate the Command Prompt windows that serve as symptoms of its attacks, and victims may not identify the Trojan until after it's gained access to and blocked their files. Some of the usual media at risk from harmful encryption include documents, pictures, archives, databases, spreadsheets, and even 3D modeling files like CADs.

Even in its early stage, malware experts verify that the Eq Ransomware includes a self-hibernation feature that may make it inactive temporarily, which is a feature that some threats use for evading detection by security tools. However, most AV products should identify the Eq Ransomware infections, either heuristically or as a variant of the Globe Imposter Ransomware. Having your anti-malware products quarantine or delete the Eq Ransomware as soon as possible for lowering any additional impact against your files.

The Christmas season is a lively time for illicit businesses, as well as legitimate ones. Keeping the Eq Ransomware from harvesting media and turning it into a ransom, however, shouldn't be difficult for anyone who's familiar with good backup software.