Threat Database Ransomware Cndqmi Ransomware

Cndqmi Ransomware

The Cndqmi Ransomware is a new ransomware threat based on the Snatch Ransomware family. The main aspects that differentiate the Cndqmi from the other Snatch Ransomware variants are the unique extension ulilized for the encrypted files and the email addresses that the hackers use.

All of the most widely used filetypes are targeted by this ransomware threat. The Cndqmi Ransomware encrypts them by using cryptographical algorithms, and, as a result, the victims of the Cndqmi Ransomware no longer can access or use their files. The hackers demand payment of an unspecified sum to provide the victims with the required decryption tools or key for the restoration of the locked data. Every encrypted file will have '.cndqmi' appended to it as a new extension. The instructions left by the cybercriminals are dropped as a text file named 'HOW TO RESTORE YOUR FILES.TXT' in every folder that contains encrypted data. 

The ransom note is pretty short with the hackers telling the victims of the Cndqmi Ransomware to contact them on one of two email addresses - either or The e-mail's title should be the extension used for the encrypted files. Victims are also given the opportunity to send up to three files that are less than 1 MB in size for free decryption. In a rather obvious attempt to pressure affected users into contacting them, the hackers threaten that the encrypted data may be lost if they do not receive an email within 48 hours of the start of the ransomware infection.

While it manot be pleasant to lose access to your precious files suddenly, it is strongly discouraged to send any money to the hackers behind the Cndqmi Ransomware, or any ransomware threat for that matter. There is nothing preventing them to simply take the money and move on to their next malware threat.

The text of the ransom note is:

'Hello! All your files are encrypted and only I can decrypt them.

Contact me: or

Write me if you want to return your files - I can do it very quickly!

The header of letter must contain extension of encrypted files.

I'm always reply within 24 hours. If not - check spam folder, resend your letter or try send letter from another email service (like 


Do not rename or edit encrypted files: you may have permanent data loss.

To prove that I can recover your files, I am ready to decrypt any three files (less than 1Mb) for free (except databases, Excel and backups) 


! ! ! If you do not email me in the next 48 hours then your data may be lost permanently ! ! !'


Most Viewed