Q1G Ransomware

Q1G Ransomware Description

At the beginning of August 2019, malware researchers spotted a brand-new ransomware threat. Its name is the Q1G Ransomware, and upon further inspection, this threat was revealed to be a part of the Dharma Ransomware family. It is a common practice among cyber crooks to base their ransomware threats on the code of already established file-encrypting Trojans.

Propagation and Encryption

Cybersecurity experts have been unable to determine with any certainty what infection vectors are involved in the propagation of the Q1G Ransomware. Some believe that the creators of this ransomware threat may be using some of the classic propagation methods: emails that contain infected attachments, bogus application updates, and fake pirated copies of legitimate software tools. If the Q1G Ransomware succeeds in compromising your PC, it will scan it to locate the files that this data-locking Trojan was programmed to target. Then this ransomware threat will begin encrypting all the targeted files. Upon locking a file, the Q1G Ransomware amends its filename. This Trojan adds a '.id-.[getbtc@aol.com].Q1G' extension at the end of the name of each encrypted file.

The Ransom Note

Then, the Q1G Ransomware will drop a ransom note. As this ransomware threat is a variant of the Dharma Ransomware, it technically has two ransom notes: 'FILES ENCRYPTED.txt' and 'info.hta'. The text file states:

‘All your data is encrypted!
for return write to mail:
getbtc@aol.com’

While the '.hta' file presents the user with a window containing a message reading:

‘All FILES ENCRYPTED "RSA1024"
All YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL getbtc@aol.com
IN THE LETTER WRITE YOUR ID, YOUR ID 1E857D00
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL:getbtc@aol.com
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON'T PULL TIME, WAITING YOUR EMAIL
FREE DECRYPTION FOR PROOF
You can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
DECRYPTION PROCESS:
When you make sure of decryption possibility transfer the money to our bitcoin wallet. As soon as we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
!WARNING!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.’

The attackers never mention what ransom fee would be demanded from the victim. It appears that they expect the user to contact them via email at 'getbtc@aol.com' for further instructions. They offer to decrypt, free of charge, one file that the victim sends them, as long as its size is not bigger than 1MB.

We recommend that you stay away from cybercriminals. They may promise you the world but will rarely deliver, and you will likely be tricked into giving them cash without receiving anything in return. A safer option is to obtain a legitimate anti-spyware application, which will remove the Q1G Ransomware from your PC and keep it safe in the future.
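
To scope how much of a machine or file share was affected, the renamed-file suffix and the two ransom note names described above can be used for a quick triage pass. The Python script below is an added example, not code from the original article or from any vendor tool; it assumes a hex victim ID (like the one shown in the 'info.hta' text) may sit between 'id-' and the following dot, and its sample tree consists of constructed empty files.

```python
import os
import re
import tempfile
from collections import Counter

# Suffix as quoted on the page. Assumption: a hex victim ID (like the one shown
# in the info.hta text) may sit between "id-" and the following dot.
Q1G_SUFFIX = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-Fa-f]*)\.\[getbtc@aol\.com\]\.Q1G$", re.I)
NOTE_NAMES = {"files encrypted.txt", "info.hta"}  # note names from the page


def triage(root):
    """Walk root; collect renamed files, ransom notes, IDs and earliest mtime."""
    report = {"encrypted": [], "notes": [], "ids": Counter(), "first_mtime": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            match = Q1G_SUFFIX.match(name)
            if match:
                # Keep the path plus the original name with the suffix stripped.
                report["encrypted"].append((path, match.group("orig")))
                if match.group("vid"):
                    report["ids"][match.group("vid").upper()] += 1
                # Earliest modification time approximates when encryption began.
                mtime = os.path.getmtime(path)
                if report["first_mtime"] is None or mtime < report["first_mtime"]:
                    report["first_mtime"] = mtime
            elif name.lower() in NOTE_NAMES:
                report["notes"].append(path)
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files whose names mimic an affected host."""
    for rel in ("docs/report.docx.id-1E857D00.[getbtc@aol.com].Q1G",
                "docs/budget.xlsx.id-.[getbtc@aol.com].Q1G",  # literal page form
                "docs/untouched.pdf",
                "docs/FILES ENCRYPTED.txt",
                "desktop/info.hta"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "renamed files,", len(result["notes"]), "notes")
        print("victim IDs seen:", dict(result["ids"]))
```

More than one victim ID in the results, or renamed files on a share that no affected workstation maps, suggests the incident extends beyond a single host.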
