Q1G Ransomware Description
At the beginning of August 2019, malware researchers spotted a brand-new ransomware threat. Its name is the Q1G Ransomware, and upon further inspection, this threat revealed to be a part of the Dharma Ransomware family. It is a common practice among cyber crooks to base one's ransomware threat on the code of already established file-encrypting Trojans.
Propagation and Encryption
Cybersecurity experts have been unable to determine with any certainty what infection vectors are involved in the propagation of the Q1G Ransomware. Some believe that the creators of this ransomware threat may be using some of the classic propagation methods – emails that contain infected attachments, bogus application updates, and pirated fake copies of legitimate software tools. If the Q1G Ransomware succeeds in compromising your PC, it will scan it to reveal the locations of the file, which this data-locking Trojan was programmed to target. Then this ransomware threat will begin encrypting all the targeted files. Upon locking a file, the Q1G Ransomware amends its filename. This Trojan adds a '.id-
The Ransom Note
Then, the Q1G Ransomware will drop a ransom note. As this ransomware threat is a variant of the Dharma Ransomware, it has two ransom notes' FILES ENCRYPTED.txt' and 'info.hta' technically. The text file states:
’ All your data is encrypted!
for return write to mail:
While the '.hta' file presents the user with a window containing a message reading:
All FILES ENCRYPTED "RSA1024"
All YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL firstname.lastname@example.org
IN THE LETTER WRITE YOUR ID, YOUR ID 1E857D00
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL:email@example.com
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON'T PULL TIME, WAITING YOUR EMAIL
FREE DECRYPTION FOR PROOF
You can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
When you make sure of decryption possibility transfer the money to our bitcoin wallet. As soon as we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.’
The attackers never mention what ransom fee would be demanded from the victim. It appears that they expect the user to contact them via email on 'firstname.lastname@example.org' for further instructions. They offer the victim to send them one file, which they will decrypt free of charge, as long as its sizei not bigger than 1MB.
We recommend you to stay away from cybercriminals. They may promise you the world but will deliver it rarely, and you will likely be tricked into giving them cash without receiving anything in return. A safer option is to make sure you obtain a legitimate anti-spyware application, which will wipe off the Q1G Ransomware from your PC and will make sure to keep it safe in the future.
Do You Suspect Your PC May Be Infected with Q1G Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Q1G Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.