
'backdata@qq.com' Ransomware

By GoldSparrow in Ransomware

The 'backdata@qq.com' Ransomware is an encryption ransomware Trojan that has been attacking computers since the final week of January 2019. The 'backdata@qq.com' Ransomware is based on a hybrid of the code of the Dharma Ransomware family and the Crysis Ransomware family, both well-known categories of ransomware Trojans. Threats that combine elements of both families first started to appear in the final months of 2018 and have been responsible for a large number of attacks. The 'backdata@qq.com' Ransomware carries out an effective ransomware attack, making the victim's files inaccessible with the objective of extracting a ransom payment from the victim. Computer users are advised to take precautions against the 'backdata@qq.com' Ransomware and similar threats so that their data does not become compromised in such attacks.

How the 'backdata@qq.com' Ransomware Attacks a Computer

When the code of two large ransomware families, Crysis and Dharma, was leaked, the criminals rushed to create new ransomware threats capable of carrying out effective ransomware attacks, encoding the victims' files with elements from Crysis while using an infrastructure and commands associated with the Dharma family of ransomware. The 'backdata@qq.com' Ransomware, like most of these threats, uses a strong encryption algorithm to make the files inaccessible, marking each file compromised by the attack by appending the file extension '.qwex' to the end of the file's name. Examples of the files that the 'backdata@qq.com' Ransomware targets in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After the victim's files have been encrypted, the 'backdata@qq.com' Ransomware drops a ransom note on the infected computer's desktop in the form of a text file named 'FILES ENCRYPTED.txt'. The ransom note associated with the 'backdata@qq.com' Ransomware is quite brief: it alerts the victim to the attack and asks that the victim contact the 'backdata@qq.com' email address to receive payment instructions to recover the compromised data. It is highly recommended that computer users avoid contacting the criminals responsible for the 'backdata@qq.com' Ransomware or following any instructions in the ransom notes linked to these attacks.

Handling Threats Like the 'backdata@qq.com' Ransomware

If your data has been compromised by a 'backdata@qq.com' Ransomware attack, malware researchers strongly recommend using a security program to remove all traces of the 'backdata@qq.com' Ransomware and then restoring the encrypted data from file backups. Unfortunately, once the 'backdata@qq.com' Ransomware has encrypted the files, they can no longer be decrypted. Because of this, backup copies that are stored in the cloud or on external devices are the best way to protect your machines from threats like the 'backdata@qq.com' Ransomware.
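Before restoring from backups, it helps to know how far the damage reaches. The following is an added example, not part of the original article: it inventories the two indicators described above (the appended '.qwex' extension and the 'FILES ENCRYPTED.txt' note) and lists the original file names to pull from backup. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".qwex"               # extension the article says is appended
NOTE_NAME = "FILES ENCRYPTED.txt"  # ransom note name given in the article


def inventory(root):
    """Return (encrypted, notes, per_dir) for the tree under root."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME.lower():
                notes.append(full)
            elif lower.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                # Original name = everything before the appended marker.
                original = Path(dirpath) / name[: -len(MARKER_EXT)]
                encrypted.append((full, original))
                per_dir[dirpath] += 1  # shows how widely the damage spread
    return encrypted, notes, per_dir


def restore_plan(encrypted):
    """Original paths to restore from backup, skipping any whose
    unmarked copy is still present next to the marked one."""
    return sorted(str(orig) for _enc, orig in encrypted if not orig.exists())


def build_sample_tree(base):
    """Constructed sample data: empty files only."""
    docs = Path(base) / "Users" / "demo" / "Documents"
    desk = Path(base) / "Users" / "demo" / "Desktop"
    for d in (docs, desk):
        d.mkdir(parents=True)
    for n in ("report.docx.qwex", "budget.xlsx.QWEX", "notes.txt",
              "old.pdf", "old.pdf.qwex"):
        (docs / n).touch()
    (desk / NOTE_NAME).touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        enc, notes, per_dir = inventory(build_sample_tree(tmp))
        print(f"{len(enc)} marked files, {len(notes)} ransom note(s)")
        print("\n".join("restore: " + p for p in restore_plan(enc)))
```

Run the inventory against a read-only mount or image of the affected disk so the evidence is not altered while the restore list is built.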
