Qoqa Ransomware

The Qoqa Ransomware belongs to the STOP/Djvu family of malware, which evil-minded actors can employ to encrypt the data of their targets. Once the ransomware infiltrates a compromised system, it triggers an encryption process that specifically targets files such as documents, PDFs, photos, images, archives, databases and various other types of data. The files encrypted by the Qoqa Ransomware will become useless and will be easily recognizable because they will have the file extension '.qoqa' appended to their names. The robustness of the encryption algorithm used by the attackers means that victims will face significant difficulty restoring their files without seeking assistance from the cybercriminals.

Some Details about the Qoqa Ransomware Attack

As another iteration of the notorious STOP/Djvu malware family, the Qoqa Ransomware follows the same pattern as others in its family. It initiates an encryption process upon infiltration of a compromised system. The encryption process targets various types of files, including documents, PDFs, photos, images, archives, databases, and more, rendering them inaccessible to the victim. The encryption algorithm employed by the attackers is robust, making it challenging for victims to recover their files without the assistance of the cybercriminals. As a result, victims often find themselves at the mercy of the attackers and compelled to pay a ransom fee to regain access to their encrypted files.

How the Attackers Try to Incentivate the Victims to Pay the Ransom

The message from the cybercriminals demands a ransom of $980 in exchange for a decryptor tool and the necessary decryption keys to unlock the victim's data. To encourage victims to act quickly, the threat actors have promised to reduce the ransom by 50% for anyone who contacts them within 72 hours of the attack. The message provides two email addresses for victims to use when contacting the attackers, support@freshmail.top and datarestorehelp@airmail.cc.
To provide the victims with its demands to decrypt de damaged data and other instructions, the Qoqa Ransomware creates a ransom note in a text file named '_readme.txt,' which has the following content:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-iftnY5iBx9
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

A ransomware attck can be incredibly damaging, causing loss of data and financial deprivation. Below you will find some clues that can help you to avoid and get rid of ransomware infections:

1. Keep your software up-to-date: Regularly update your operating system and applications, as many updates include security patches that protect against known vulnerabilities.
2. Install antivirus software: A reputable antivirus program can help detect and remove ransomware from your computer. Make sure to keep your antivirus software updated as well.
3. Be cautious of emails and attachments: Be careful when opening emails and downloading attachments, especially if they are from an unfamiliar source. Cybercriminals often use email phishing scams to distribute ransomware.
4. Use strong passwords: Use complex and unique passwords for all your accounts to prevent hackers from accessing your computer or network.
5. Regularly back up your data: Make regular backups of your important files and store them in a secure location. If your machine becomes infected with ransomware, you can restore your data from a backup instead of paying the ransom.

If there's a reason to suspect that your computer has been infected with ransomware, take the following steps:

1. Disconnect from the internet: Immediately detach your PC from the Web to prevent the ransomware from spreading to other devices or networks.
2. Use antivirus software: Run a full scan of your computer using your antivirus software to detect and remove any ransomware.
3. Restore from backup: If you have a backup of your data, you can restore it to your computer once the ransomware has been removed.
4. Seek professional help: If you are unable to remove the ransomware yourself, seek help from a professional cybersecurity expert.