Nqix Ransomware

By CagedTech in Ransomware

Recently, malware experts spotted a brand-new ransomware threat. This data-encrypting Trojan is named the Nqix Ransomware. Once researchers inspected the threat, they discovered that it is a variant of the Dharma Ransomware.

Infection and Encryption

It is not yet clear which infection vectors have been used to propagate the Nqix Ransomware. Some speculate that the authors of the Nqix Ransomware may have used spam email campaigns, bogus application updates and fake pirated copies of legitimate software, as these are among the most popular methods of spreading ransomware threats.

When the Nqix Ransomware compromises a PC, it begins the attack with a brief scan of the files on the system. The goal of the scan is to locate the files that will be locked during the encryption process. The Nqix Ransomware then starts locking the targeted data. It appends '.id-.[support@qbmail.biz].nqix' to the end of the names of the newly locked files. This is a standard naming pattern used by most ransomware threats that belong to the Dharma Ransomware family.

The Ransom Note

The next step is the dropping of the ransom note. The Nqix Ransomware's ransom note is likely called 'FILES ENCRYPTED.txt' or 'info.hta.' The note reads:

’All FILES ENCRYPTED "RSA1024"
All YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL support@qbmail.biz
IN THE LETTER WRITE YOUR ID, YOUR ID 1E857D00
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL:support@qbmail.biz
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON’T PULL TIME, WAITING YOUR EMAIL
FREE DECRYPTION FOR PROOF
You can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
DECRYPTION PROCESS:
When you make sure of decryption possibility transfer the money to our bitcoin wallet. As soon as we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
!WARNING!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.’

The attackers do not disclose the ransom fee they demand. However, they offer to decrypt one file for free (provided that it is no larger than 1MB) as proof that they have the decryption key. The authors of the Nqix Ransomware give an email address where they can be contacted: 'support@qbmail.biz.'

We do not recommend contacting cybercriminals, let alone paying them. A much safer approach in this situation is to obtain a reputable anti-virus application and use it to remove the Nqix Ransomware from your system. Then, you can try to recover some of the lost files by using a third-party data recovery tool.
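To scope the damage before attempting recovery, a file listing can be checked against the file suffix and ransom note names described above. The following is an added example, not part of the original article. It assumes the victim ID from the note sits after "id-" in the suffix, and the sample paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Suffix as given in the article: '.id-.[support@qbmail.biz].nqix'.
# Assumption: the victim ID (hex, like "YOUR ID" in the note) follows "id-";
# an empty ID is also accepted so the literal form on the page matches.
LOCKED_RE = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-Fa-f]*)\.\[(?P<mail>[^\]]+)\]\.nqix$",
    re.IGNORECASE)
# Ransom note file names reported in the article.
NOTE_NAMES = {"files encrypted.txt", "info.hta"}

# Constructed sample listing (hypothetical paths; ID taken from the quoted note).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1E857D00.[support@qbmail.biz].nqix",
    r"C:\Users\alice\Documents\report.docx.id-1E857D00.[support@qbmail.biz].nqix",
    r"C:\Users\alice\Pictures\cat.jpg.id-.[support@qbmail.biz].nqix",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Documents\todo.txt",
    r"C:\Users\alice\Documents\archive.nqix",  # bare extension, not the full pattern
]


def triage(paths):
    """Split a listing into locked files, ransom notes and everything else."""
    report = {"locked": [], "notes": [], "other": [], "by_dir": {}}
    for raw in paths:
        p = PureWindowsPath(raw)
        m = LOCKED_RE.match(p.name)
        if m:
            report["locked"].append({
                "path": raw, "original_name": m["orig"],
                "victim_id": m["vid"].upper(), "contact": m["mail"].lower()})
            d = str(p.parent)
            report["by_dir"][d] = report["by_dir"].get(d, 0) + 1
        elif p.name.lower() in NOTE_NAMES:
            report["notes"].append(raw)
        else:
            report["other"].append(raw)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print(f"{len(result['locked'])} locked, {len(result['notes'])} note(s)")
    for folder, count in sorted(result["by_dir"].items()):
        print(f"  {count:3d}  {folder}")
```

The recovered `original_name` values show which files need restoring, and the per-folder counts show how far the encryption pass reached.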