
ZQ Ransomware

Posted: April 10, 2019

The ZQ Ransomware is a crypto-virus used by cybercriminals to encrypt the files on a targeted PC, rendering them inaccessible unless the victim pays a predefined ransom amount. Once the threat has launched the encryption process, it appends the ‘W_decrypt24@qq.com.zq’ extension to each encrypted file. Since this particular piece of ransomware has no specific name, it is referred to as either the ZQ Ransomware or the W_decrypt24 Ransomware.
As soon as the encryption process has concluded, the ZQ Ransomware loads a ransom note in a text file named {HELP_DECRYPT}.txt, which urges the PC user to contact the malware actors for further instructions by using the provided ‘w_decrypt24@qq.com’ email account. The text of the note is sparse at best:

‘All of _our files are encr_pted* to decr_pt them write me to email::w_decrypt24@qq.com’

The ZQ/W_decrypt24 Ransomware, similar to other popular ransomware strains, takes advantage of vulnerable RDP services and utilizes the potential of spam email. The ZQ Ransomware may arrive via a corrupted link, attachment, exploit kit, infected site or as part of a rogue drive-by download. After landing on a PC, the ZQ Ransomware creates a random executable in the TEMP folder and tampers with the Registry settings to load during system startup. The files subject to encryption include all document types and multimedia (photos, audio and video files).
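For triage, the two file-system indicators described above (the appended extension and the ransom note name) can be used to scope which directories were hit and which original file names need restoring from backup. The following is an added example, not part of the original post; the function names are hypothetical, and matching case-insensitively is an assumption made because the page shows both ‘W_decrypt24’ and ‘w_decrypt24’.

```python
import os
from collections import defaultdict

# Indicators taken from the description above, stored lowercased
# so that comparisons are case-insensitive (assumption, see lead-in).
ZQ_SUFFIX = ".w_decrypt24@qq.com.zq"
NOTE_NAME = "{help_decrypt}.txt"


def scan_tree(root):
    """Walk root and return {directory: {"encrypted": [...], "note": bool}}
    for every directory holding a ZQ-renamed file or the ransom note."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            lowered = name.lower()
            if lowered == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lowered.endswith(ZQ_SUFFIX) and len(name) > len(ZQ_SUFFIX):
                # Strip the appended extension to recover the original name,
                # which is what a backup restore has to be matched against.
                original = name[: -len(ZQ_SUFFIX)]
                hits[dirpath]["encrypted"].append((name, original))
    return dict(hits)


def summarize(hits):
    """Return (renamed file count, directories with a note, original extensions)."""
    total = sum(len(h["encrypted"]) for h in hits.values())
    note_dirs = sorted(d for d, h in hits.items() if h["note"])
    exts = sorted({os.path.splitext(orig)[1].lower()
                   for h in hits.values() for _name, orig in h["encrypted"]})
    return total, note_dirs, exts


if __name__ == "__main__":
    import sys
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    total, note_dirs, exts = summarize(found)
    print(f"{total} renamed file(s); original types: {', '.join(exts) or 'n/a'}")
    for d in note_dirs:
        print(f"ransom note present in {d}")
```

Run it against a mounted or imaged volume rather than the live system where possible, so the scan itself does not alter file timestamps needed for the incident timeline.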
