Eq Ransomware
The Eq Ransomware is an encryption ransomware Trojan that was first observed in the second week of December 2018. The Eq Ransomware's initial infections came after computer users downloaded a third-party client for watching Twitch streams. The Eq Ransomware would infect the victim's computer and carry out its attack disguised as this program.
The Eq Ransomware's Attack is Carried Out by Two Versions
The Eq Ransomware carries out a typical encryption ransomware attack, using a strong encryption algorithm to make the victim's files inaccessible. There are a pair of versions of the Eq Ransomware Trojan; one that adds the file extension '.fuck' to each encrypted file, and another that marks the compromised files by adding the file extension '.gsg' to each affected file. The Eq Ransomware's attack targets the user-generated files, which may include files with the following file extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
Once the victim's files become unusable, the Eq Ransomware delivers a ransom note in the form of an HTM file named README_BACK_FILES.htm, which contains the following ransom note:
'YOUR PERSONAL ID:
[random characters]
YOUR FILES ARE ENCRYPTED!
TO DECRYPT, FOLLOW THE INSTRUCTIONS BELOW.
To recover data you need decryptor.
To get the decryptor you should:
Send 1 crypted test image or text file or document to supportonl@cockh ||| supportonl@airmail.cc
In the letter include your personal ID (look at the beginning of this document).
We will give you the decrypted file and assign the price for decryption all files.
We can decrypt one file in quality the evidence that we have the decoder.
MOST IMPORTANT!!!
Do not contact other services that promise to decrypt your files, this is fraud on their part! They will buy a decoder from us, and you will pay more for his services. No one, except supportonl@cock.li ||| supportonl@airmail.cc, will decrypt your files.
Only supportonl@coek.li III supportonl@airmail.cc can decrypt your files.
Do not trust anyone besides supportonl@cock.li ||| supportonl@airmail.cc
Antivirus programs can delete this document and you can not contact us later.
Attempts to self-decrypting files will result in the loss of your data.'
Dealing with the Eq Ransomware Infection
PC security researchers instruct computer users to take steps to protect their data from threats like the Eq Ransomware. To do this, it is decisive to have backup copies of all data. Having copies on the cloud or an external memory device ensures that the victims of the Eq Ransomware attack can restore their data after an attack. Apart from file backups, PC security researchers recommend that computer users install an up-to-date security program.
