Qazx Ransomware

After conducting a thorough analysis, cybersecurity experts have discovered a new variant of ransomware called Qazx. Qazx is classified as a critically dangerous threat that targets a user's system by encrypting the files on it and rendering them inaccessible.

Qazx operates by modifying the file names during the encryption process, appending the extension ".qazx" to the original names. For example, if a file is called '1.jpg,' Qazx will rename it to '1.jpg.qazx,' and similarly, a file named '2.png' will be renamed to '2.png.qazx,' and so forth. Additionally, Qazx creates a ransom note in the form of a '_readme.txt' file, providing payment instructions to obtain the decryption key needed to unlock the encrypted files.

It is worth noting that Qazx is a member of the STOP/Djvu Ransomware family, and it may be distributed alongside other malware such as RedLine, Vidar, or other information stealers. As a result, users must remain cautious and adopt appropriate security measures to avoid falling victim to further security or privacy risks.

Qazx Ransomware Extorts Its Victims

The ransom note provided in the '_readme.txt' file states that the encrypted files can only be decrypted using a specific tool and a unique key held by the attackers. The note further instructs victims to make a ransom payment and contact the attackers through the two email addresses provided - 'support@freshmail.top' and 'datarestorehelp@airmail.cc.'

According to the note, the ransom payment for Qazx is set at $980, which is a typical amount for a STOP/Djvu variant. Additionally, the attackers offer a discount if victims contact them within 72 hours of the encryption, allowing them to obtain the decryption tool for a reduced price of $490. It is important to note that the decryption tool is not available for free and remains under the control of the attackers.

Following the Demands of Cybercriminals may be Extremely Risky

Ransomware infections have become increasingly common in recent years, with cybercriminals using sophisticated techniques to encrypt victims' files and demand a ransom payment to restore access. While it may be tempting to pay the ransom and regain access to important data, experts advise against doing so for several reasons.

Firstly, there is no guarantee that paying the ransom will result in the decryption of the files. In some cases, the attackers may not have the decryption tool, or they may provide a defective one that does not work correctly. Additionally, even if the attackers do provide a working decryption tool, paying the ransom sends a message that there is a demand for such attacks, encouraging cybercriminals to continue their illegal activities.

Moreover, paying the ransom funds the attackers' operations, enabling them to continue developing and distributing malware and potentially harming other victims in the future. It also puts the victims' personal and financial information at risk, as they must provide sensitive information, such as bank details, to the attackers to make the payment.

In summary, paying the ransom should be considered a last resort, and victims should explore other options, such as restoring their files from backups or seeking assistance from cybersecurity professionals to recover their data. It is crucial to remain vigilant, keep regular backups, and adopt robust security measures to prevent ransomware infections from happening in the first place.

The full ransom note of Qazx Ransomware is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-zUVSNg4KRZ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:'
