qbx Ransomware

qbx Ransomware Image

At the end of May 2019, a new ransomware threat emerged online – the qbx Ransomware. After the initial discovery, malware experts took upon studying this new file-locking Trojan and found out that the qbx Ransomware is a variant of the popular Dharma Ransomware (also called Crysis Ransomware).

Even though it has not been validated yet, there are strong indications that the qbx Ransomware is propagated via mass spam email campaigns, corrupted pirated applications and bogus software updates. After infiltrating a host successfully, the qbx Ransomware starts scanning it. The goal of the scan is to locate the files, which will then be encrypted. After completing this step, the qbx Ransomware proceeds to encrypt the targeted data. After undergoing the qbx Ransomware's encryption process, the files original names would be altered following a pattern, which almost all Dharma Ransomware variants apply. The qbx Ransomware adds an 'id-.[btcdecoding@qq.com].qbx' extension to the affected files. Then, the qbx Ransomware will drop a ransom note by the name 'RETURN FILES.txt.' The use of all caps is to create a sense of urgency in the victims, as well as to ensure that they do not miss the note by accident. The creators of the qbx Ransomware are not very specific and do not mention what the ransom fee demanded would be. However, they urge the victim to contact them via email on 'btcdecoding@qq.com.

We advise strongly that you do not get in touch with cyber crooks. Such individuals operate in very shady ways and may end up costing you a lot of money, and you may end up with anything in return. It is extremely important to make sure you download and install a legitimate anti-spyware application and use it to clear your computer of this nasty bug.