
Pigzqbqnvbu Ransomware

Posted: May 1, 2020

The Pigzqbqnvbu Ransomware is a file-locking Trojan from the Snatch Ransomware family. It blocks access to files on Windows computers by encrypting them and drops multiple copies of a text ransom note advertising its decryption service. Users should delete the Pigzqbqnvbu Ransomware with anti-malware tools as soon as possible and only then recover their files from backups.

Slapdash Extortion from a Smaller Trojan Family

The Snatch Ransomware family is one of the smallest file-locking families still active in 2020 and is nowhere near the prominence of RaaSes like the Scarab Ransomware and the STOP Ransomware, or even the free Hidden Tear. At least one threat actor is, however, turning the Snatch Ransomware into a semi-customized extortion tool, and the new e-mail address in its ransom note gives this variant its name: the Pigzqbqnvbu Ransomware. The Trojan's payload is somewhat low-effort but is just as threatening where it counts, i.e., in blocking access to victims' files.

The Pigzqbqnvbu Ransomware is, like many versions of the Snatch Ransomware, larger than most Trojans of its kind, with an executable of roughly two and a half megabytes. Interestingly, malware researchers see 64-bit Windows builds rather than the more common 32-bit ones. The Trojan's most essential feature is, as usual, the file-locking one, which encrypts content such as MOV movies, RTF documents, and various other media in most folders, not just user-media folders such as Documents. It does not, however, touch the Windows operating system's directory.

The most hastily-implemented feature in this threat's payload is the ransom note, a text file. The Pigzqbqnvbu Ransomware uses a copy-pasted message with new e-mail addresses for its campaign (different from those of the Hceem Ransomware or the original Snatch Ransomware). It drops a copy into every directory and sub-directory that holds any encrypted media. While this makes the ransom demand all but unmissable, it is also needlessly inefficient from a programming point of view, and the extra file-system noise gives victims a chance of catching the Trojan mid-attack.
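The note-in-every-folder behaviour described above is itself a detection opportunity: a byte-identical small text file appearing in many directories at once, alongside files whose contents look like ciphertext, is a strong sign of a file-locker at work. The following script is an added example written for this page; it is not code from the original write-up or from any Snatch sample. It walks a directory tree, hashes small text files to find notes fanned out across directories, and measures the Shannon entropy of each file's head to spot encrypted content. The note file name, the e-mail text, the thresholds, and the sample directory layout it builds are all constructed for the demonstration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter, defaultdict

# Tunables; these are assumptions for the example, not values from the write-up.
NOTE_MAX_BYTES = 4096        # ransom notes are small text files
NOTE_MIN_DIRS = 3            # the same note in this many directories is suspicious
ENTROPY_THRESHOLD = 7.2      # bits per byte; real ciphertext approaches 8.0
SAMPLE_BYTES = 4096          # only the head of each file is measured


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def scan_tree(root: str) -> dict:
    """Walk `root` and return two indicators of an in-progress file-locker.

    'notes': sha256 -> sorted directories holding a byte-identical small text
             file (a copy-pasted note dropped into every affected folder).
    'high_entropy': sorted paths whose first SAMPLE_BYTES look like ciphertext.
    """
    by_hash = defaultdict(set)
    high_entropy = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable files are not evidence either way
            # Candidate note: small, non-empty, and text-like (no NUL bytes).
            if 0 < size <= NOTE_MAX_BYTES and b"\x00" not in head:
                by_hash[hashlib.sha256(head).hexdigest()].add(dirpath)
            if shannon_entropy(head) >= ENTROPY_THRESHOLD:
                high_entropy.append(path)
    notes = {h: sorted(d) for h, d in by_hash.items() if len(d) >= NOTE_MIN_DIRS}
    return {"notes": notes, "high_entropy": sorted(high_entropy)}


def build_sample_tree(base: str) -> None:
    """Create a constructed victim layout under `base` (test data, not a real sample)."""
    note = b"Your files are encrypted. Write to <hypothetical address> to buy the key.\n"
    for sub in ("Documents", os.path.join("Documents", "Reports"), "Videos"):
        d = os.path.join(base, sub)
        os.makedirs(d, exist_ok=True)
        # Hypothetical note name; the real variant's file name is not reproduced here.
        with open(os.path.join(d, "HOW_TO_RESTORE.txt"), "wb") as fh:
            fh.write(note)
        with open(os.path.join(d, "holiday.mov"), "wb") as fh:
            fh.write(os.urandom(8192))  # random bytes stand in for ciphertext
    with open(os.path.join(base, "Documents", "plain.rtf"), "wb") as fh:
        fh.write(b"{\\rtf1 Quarterly numbers look fine.}\n" * 50)  # untouched file
    os.makedirs(os.path.join(base, "Windows"), exist_ok=True)
    with open(os.path.join(base, "Windows", "system.ini"), "wb") as fh:
        fh.write(b"[boot]\nshell=explorer.exe\n")  # OS directory is left alone


def demo() -> dict:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        return scan_tree(base)


if __name__ == "__main__":
    result = demo()
    for digest, dirs in result["notes"].items():
        print(f"note {digest[:12]} repeated in {len(dirs)} directories")
    print(f"{len(result['high_entropy'])} file(s) with ciphertext-like content")
```

Run as a scheduled job or from an EDR script action against user data shares, the two signals together are far more specific than either alone: a single high-entropy file is just a ZIP or a video, and a single shared text file is just a README, but many identical small text files appearing next to many newly high-entropy files is the signature of this payload.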

Snatching Your Files Back from a Grabby Trojan

The Pigzqbqnvbu Ransomware's randomized filename and other executable characteristics offer few hints on how it's circulating. Since malware experts see no signs that the Trojan is a work in progress or non-functional, users should assume that it's a danger to their files and may block access to them indefinitely. To avoid infections, Windows users can scan their downloads with appropriate security tools, turn off macros, disable scripts in their browsers, and use passwords that criminals can't brute-force.

Although the Snatch Ransomware family is many months old, malware researchers see no weaknesses in its encryption routine that would suggest an upcoming free decryptor. Users should keep backups in a safe place, such as a portable USB device, a DVD, or cloud storage, for recovering the data that the Pigzqbqnvbu Ransomware locks. In some infections there may also be an opportunity for recovery through Shadow Volume Copy-based repair tools, but unfortunately not in most file-locker Trojans' attacks.

On average, five out of every seven AV vendors detect new variants of file-locker Trojans from major or minor families. The Snatch Ransomware is identified at similar rates, and malware experts recommend removing the Pigzqbqnvbu Ransomware with appropriate anti-malware tools, preferably after applying the latest signature database updates.

The Pigzqbqnvbu Ransomware's ransom note includes a new line referring to network-attached storage. That detail shows why users should always apply appropriate security measures, such as robust passwords, to their backups, lest a Trojan compromise the last bastion of one's digital work.
