Qnty Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 495 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 20,495 |
| First Seen: | April 24, 2015 |
| Last Seen: | September 25, 2023 |
| OS(es) Affected: | Windows |
Cybercriminals are still unleashing more and more potent ransomware threats based on the STOP/Djvu malware family. One such example is the Qnty Ransomware threat that is practically identical to all the other variants from the family. However, this fact in no way means that its disruptive potential is any less potent. Qnty Ransomware's victims will lose their access to most of the files stored on the compromised device. This means that they will no longer be able to open any of their personal documents, images, photos, videos, etc., or important business projects, archives, database and more.
All encrypted files will have '.qnty' added to their original names. Victims will be left with a ransom note in the form of a text file dropped on the system's desktop. The file will be named '_readme.txt.'
Demands Overview
The note of the threat contains many of the same details found in other STOP/Djvu malware. Victims are told that to restore their data, they will need to pay a ransom to the attackers. In exchange, they will receive a decryptor software tool and the key necessary for the decryption of the files. The price of the ransom is initially set at $980 but the attackers provide a way for their victims to cut the amount in half to $490. Apparently, the only requirement is to contact the cybercriminals at any point during the first 72 hours of the Qnty Ransomware attack.
According to the message, users can use two email addresses for communication - 'support@sysmail.ch' and 'helprestoremanager@airmail.cc.' As part of their message, victims are told that they can attach one encrypted file. If the chosen file doesn't contain any important data, it will supposedly be unlocked and sent back for free.
The full text of the note is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-ZCgkPGpbjO
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@sysmail.chReserve e-mail address to contact us:
helprestoremanager@airmail.ccYour personal ID:'
