Home Malware Programs Ransomware .PLEASE_CONTACT_1398456099@qq_com' Ransomware

.PLEASE_CONTACT_1398456099@qq_com' Ransomware

Posted: May 31, 2019

It is not uncommon for cybercriminals to try and piggyback on the popularity of notorious cyber threats. This is the exact strategy used by the author of the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware, a low-quality file-locker that mimics the design and interface of the WannaCryptor Ransomware (WanaCrypt0r Ransomware). Thankfully, the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware is not as threatening as the latter, but it certainly should not be underestimated since it still can encrypt popular file formats and prevent users from accessing them.

The '.PLEASE_CONTACT_1398456099@qq_com' Ransomware is likely to originate from Russia since the authors use a QQ account for contact. Furthermore, the contents of the ransom note show that this might be a project made for fun since the attackers claim to have encrypted the homework of their victims – maybe they are planning on focus high school attendees? Regardless of the target group and intentions of the attacker, it is indisputable that the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware has the ability to encrypt files and make their recovery a potentially impossible task.

After the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware executes its attack, it will add the extension ‘.PLEASE_CONTACT_1398456099@qq_com’ to all encrypted files. After this step is complete, it shows the ransom message in a new window under the name ‘WanaDecrypt0r.’ As mentioned above, the window mimics the ransom note design used by the infamous WannaCry infection. The text of the ransom note is available in English, Chinese, and German – surprisingly, it does not mention a ransom amount, although the authors have provided a Bitcoin wallet address for payments.

While the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware does not seem to be a very serious project, it can still be very damaging if it manages to sneak onto an unprotected computer. Victims of the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware should not cooperate with the perpetrators since it is unlikely that they will assist them with the recovery of their files. The shortest way to proceed is to eliminate the '.PLEASE_CONTACT_1398456099@qq_com' Ransomware with the help of a trustworthy anti-virus product, and then look into alternative file recovery options.

Loading...