
Nqix Ransomware

Posted: July 30, 2019

The Nqix Ransomware is a file-locking Trojan from the Dharma Ransomware family, a group of Ransomware-as-a-Service Trojans. The Nqix Ransomware can encrypt media permanently, change the extensions in the file names and drop ransom instructions in warning messages. Victims should depend on their backups for most recovery purposes and keep anti-malware products on hand for removing the Nqix Ransomware promptly.

When Seeing E-mail Support is a Bad Thing

Usually, seeing a helpful support address for technical help is nothing but a positive, but file-locker Trojans are turning this business service into a re-branding of their black hat industry. The Nqix Ransomware, a new derivative of the Dharma Ransomware family, offers its "support" services for decryption – but only after damaging your files and holding them for ransom. Although malware experts have so far seen samples of it only in threat databases, rather than in live attacks, they have no reason to believe that it is anything other than fully functional.

The Nqix Ransomware – whose name could be a typoed reference to the Nginx server software – can block files by searching for the formats on its target list and encrypting the matching ones. These targets usually include text documents, pictures and other media, although less common formats, such as CAB archives, are also possibilities. The Nqix Ransomware completes the attack by inserting a victim-specific ID, an e-mail address and a new extension into each file name, as is standard practice for the Dharma Ransomware family.

The Nqix Ransomware is one of many file-locker Trojans that describe their extortion-based decryption help as the equivalent of technical 'support.' Unfortunately, unlike legitimate technical support, no promises or legal protections are available to any victims who buy into the Nqix Ransomware's service. Malware experts consistently recommend against paying ransoms for decryptors as long as any alternative recovery path remains available.

Dealing with the Payloads that Want to Deal with Your Files

The Nqix Ransomware poses the same encryption-related dangers to digital media as the other members of its usually-secure family, such as the 1BTC Ransomware, the Beets Ransomware, the Dqb Ransomware, the Php Ransomware or the Zoh Ransomware. Since decryption possibilities for this Trojan's family are very narrow, users without backups may be unable to restore their files to a usable, unencrypted state. Along with this issue, malware experts confirm that the Nqix Ransomware continues to use shell commands for wiping Shadow Copies, also known as the Windows Restore Points.
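Because the page only says that Nqix wipes Shadow Copies through shell commands without quoting the exact command line, the following added example (not code from the page or from any vendor) shows a defender-side check: it scans process-creation records for the commonly used shadow-copy wiping commands (vssadmin, wmic and wbadmin variants are assumptions, not taken from the page) and reports the parent process that launched them. The sample records are constructed, in the shape of a Sysmon Event ID 1 export.

```python
import re

# Well-known shadow-copy wiping command lines. The page does not state which
# one Nqix uses, so these patterns are assumed common variants, not its exact
# command.
SHADOW_WIPE_PATTERNS = {
    "vssadmin_delete": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "vssadmin_resize": re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    "wmic_shadowcopy": re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "wbadmin_catalog": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
}

# Constructed sample records (not real telemetry) shaped like Sysmon Event ID 1
# process-creation events; 'payload2' is the file name the article reports.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Users\alice\Downloads\payload2.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe"'},
    {"ParentImage": r"C:\Users\alice\Downloads\payload2.exe",
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r"wmic shadowcopy delete"},
    {"ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": r"vssadmin list shadows"},  # benign listing, must not match
]


def find_shadow_wipes(events):
    """Return one finding per event whose command line matches a wipe pattern.

    Each finding records the event index, the rule that fired, the parent
    image (useful for spotting an unexpected launcher) and the command line.
    """
    findings = []
    for idx, ev in enumerate(events):
        cmd = ev.get("CommandLine", "")
        for rule, pattern in SHADOW_WIPE_PATTERNS.items():
            if pattern.search(cmd):
                findings.append({"index": idx, "rule": rule,
                                 "parent": ev.get("ParentImage", ""),
                                 "command": cmd})
                break  # one finding per event is enough
    return findings


if __name__ == "__main__":
    for f in find_shadow_wipes(SAMPLE_EVENTS):
        print(f"[{f['rule']}] parent={f['parent']} cmd={f['command']}")
```

Any hit whose parent is not an administrative tool or a backup agent deserves an immediate look, since legitimate software rarely deletes all shadow copies quietly.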

Windows users are advised to keep backups of anything of monetary or sentimental value to them on other, less vulnerable devices, such as portable drives or cloud services. They can also reduce the likelihood of infecting their computers by avoiding illicit downloads and scanning e-mail attachments with appropriate security software. Server admins should also maintain all suitable safety practices, such as not using default passwords.

Most AV vendors already identify the Nqix Ransomware, which, as a Ransomware-as-a-Service variant, has little to differentiate it from the rest of its family. Users with active anti-malware products should delete the Nqix Ransomware on sight, for their files' protection.

The Nqix Ransomware is circulating under the arguably too-honest file name 'payload2.' Since its installer makes no effort to hide from those it attacks, victims can expect the usual drive-by downloads and other exploits to deliver it to their digital doorsteps.
