
Dqb Ransomware

By GoldSparrow in Ransomware

The Dqb Ransomware is a file-locking threat and another variant of the Dharma Ransomware family. Dharma has been around for a while, but no reliable decryptor tools have been developed for it thus far. The Dqb Ransomware is named after the extension it appends to locked files: each file name gains a unique "victim ID," the attacker's email address, and the ".dqb" extension. For example, a file called "abc.xyz" would be renamed to something like "abc.xyz.id_2349DSFH$i24u.[btcdecoding@qq.com].dqb". The Dqb Ransomware also drops a ransom note called "RETURN_FILES.txt" on the desktop and in affected folders. Like other malware from the Dharma Ransomware family, it also shows a pop-up window that contains more details about the ransom.
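The naming scheme and ransom note described above can be used to scope an infection from a plain file listing. The following is an added example, not code from the original article: the regular expression is an assumption derived from the single sample name quoted above, and the paths are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Layout from the article's sample name: <original>.id_<victim ID>.[<email>].dqb
# The ID character set is an assumption drawn from that single sample.
DQB_NAME = re.compile(
    r"^(?P<original>.+)\.id_(?P<victim_id>[^.\[\]]+)\.\[(?P<email>[^\[\]]+)\]\.dqb$",
    re.IGNORECASE,
)
RANSOM_NOTE = "return_files.txt"  # compared case-insensitively


def parse_dqb_name(filename):
    """Return original name, victim ID and contact email, or None if no match."""
    m = DQB_NAME.match(filename)
    return m.groupdict() if m else None


def triage(paths):
    """Group indicators by directory: renamed files, victim IDs, note presence."""
    report = defaultdict(lambda: {"locked": [], "victim_ids": set(), "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = report[str(p.parent)]
        if p.name.lower() == RANSOM_NOTE:
            entry["note"] = True
            continue
        hit = parse_dqb_name(p.name)
        if hit:
            entry["locked"].append(hit["original"])
            entry["victim_ids"].add(hit["victim_id"])
    # Keep only directories that show at least one indicator.
    return {d: e for d, e in report.items() if e["locked"] or e["note"]}


# Constructed sample listing (hypothetical paths, not from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\u\Desktop\RETURN_FILES.txt",
    r"C:\Users\u\Documents\abc.xyz.id_2349DSFH$i24u.[btcdecoding@qq.com].dqb",
    r"C:\Users\u\Documents\report.docx.id_2349DSFH$i24u.[btcdecoding@qq.com].dqb",
    r"C:\Users\u\Documents\notes.txt",
    r"C:\Users\u\Pictures\holiday.dqb",
]

if __name__ == "__main__":
    for directory, entry in triage(SAMPLE_PATHS).items():
        print(directory, entry["locked"], sorted(entry["victim_ids"]), entry["note"])
```

A file that merely ends in ".dqb" without the ID and email segments is not counted, which keeps unrelated files out of the scope estimate.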

Why the Dqb Ransomware is Threatening

The Dqb Ransomware spreads the same way most ransomware does. The attackers use spam emails, fake download links, and corrupted files bundled inside torrents to deploy the malware onto a system and run it. The Dqb Ransomware uses the "RSA-1024" encryption method to lock files. Presently, there is no known method of decrypting files encrypted with RSA encryption unless the encryption key is known.

Sample Ransom Note:
'All your data is encrypted!
for return write to mail:
btcdecoding@qq.com or btcdecoding@qq.com'

Sample Pop-up Window Note:
'All FILES ENCRYPTED "RSA1024"
All YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL btcdecoding@qq.com
IN THE LETTER WRITE YOUR ID, YOUR ID
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL: btcdecoding@qq.com
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON’T PULL TIME, WAITING YOUR EMAIL
FREE DECRYPTION FOR PROOF
You can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
DECRYPTION PROCESS:
When you make sure of decryption possibility transfer the money to our bitcoin wallet. As soon as we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
!WARNING!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

Protecting Yourself from the Dqb Ransomware

First and foremost: back up your system regularly. Once a device is infected with the Dqb Ransomware or any other data-locker malware, the chances of recovering your data are practically non-existent. Verify the source of any file you plan on downloading from the Internet. If you are downloading an email attachment, double-check the sender's email address to make sure it is someone you recognize. Even if the attached file arrives as part of genuine email correspondence, you should make sure the attachment makes sense in the context of the email content. Sometimes malware attaches files to an email without the sender realizing it.

Another common method for the distribution of malware is to bundle a corrupted file with torrents. Never download torrents from undisclosed sources or run any executable contained in one. Absolutely do not use a work device, or any other device holding sensitive data, to download torrents. Finally, installing a good anti-virus or anti-malware tool and keeping it updated regularly is important. Most operating systems ship with protective software, but it is only as good as its virus definitions. These are updated daily and should be downloaded as they come out.

My Device Has Been Infected. What do I do Now?

If a device is infected with the Dqb Ransomware or any other malware, the most reliable way of removing the threat is to format the affected disk completely. A single infected file left behind can quickly spread the malware to the rest of the system once again. You can try using one of the malware removal tools available online to remove the malware, but it may be an impossible task to recover the encrypted data without an encryption key. Currently, there is no known method for recovering files encrypted by the Dqb Ransomware. Under no circumstances should you ever reach out to the attackers or try to pay a ransom. There is minimal to no chance of them honoring their end of the deal once a ransom is paid. Bitcoin transactions are untraceable, and paying will usually lead to further demands from the attackers, or they might disappear after collecting the amount.

In some cases, paying the ransom could open you up to further attacks and compromised systems.
