Qdla Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 8,924 |
| Threat Level: | 100 % (High) |
| Infected Computers: | 3,674 |
| First Seen: | November 10, 2021 |
| Last Seen: | September 18, 2023 |
| OS(es) Affected: | Windows |
Cybercriminals are deploying a new threatening ransomware variant from the extremely prolific STOP/Djvu malware family. The newly detected threat is named Qdla Ransomware and it operates in a similar fashion to all the other ransomware variants of the STOP/Djvu Ransomware family. It aims to infect the targeted devices and then run a strong encryption routine, rendering most of the files stored there inaccessible and usable.
The hackers then demand to be paid a hefty ransom from victims who wish to restore their private or corporate information. Typically, the ransomware operators promise to provide the victim with the specific decryption key and related software tool. Qdla Ransomware is no different.
As part of the encryption, the threat will mark the files it locks by modifying their original names. More specifically, each encrypted file will have '.qdla' appended to its name as a new file extension. When all targeted file types have been processed, Qdla Ransomware will create a new text file named '_readme.txt' on the compromised device. This file carries the threat's ransom note.
Qdla Ransomware's Demands
The ransom note delivered by Qdla is virtually identical to the ransom-demanding messages of the other STOP/Djvu threats. It makes the same demands of receiving exactly $980 from its victims. The offer to reduce that amount in half is also present. Apparently, the only requirement is for the affected users to contact the attackers during the first 72 hours of the ransomware infection. Two email addresses are provided for that purpose - 'manager@mailtemp.ch' and 'helprestoremanager@airmail.cc.' Finally, the note also mentions that victims can send 1 single encrypted file with no important information that will then supposedly be unlocked for free.
The full text of the ransom note is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-W7mpKFSSv2
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
manager@mailtemp.chReserve e-mail address to contact us:
helprestoremanager@airmail.ccYour personal ID:'
