QuakeWay Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: June 26, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The QuakeWay Ransomware is a ransomware Trojan designed to encrypt the victims' files and hold them hostage, demanding a payment in exchange for the decryption key required to recover them. PC security analysts advise computer users to refrain from paying the QuakeWay Ransomware ransom.

This QuakeWay Leads to the Installation of a Threat on Your PC

The QuakeWay Ransomware is written in the AutoIt scripting language. It is designed to target individual computer users (rather than businesses or Web servers). The most common way of distributing the QuakeWay Ransomware is through a corrupted spam email attachment. When the victim downloads the email attachment, the document uses corrupted scripts and macros to download and install the QuakeWay Ransomware onto the victim's computer. The email messages used to distribute threats like the QuakeWay Ransomware rely on social engineering techniques, such as impersonating a bank or a credible business, in an attempt to trick the victim into opening the attached file.

How the QuakeWay Ransomware Attack Works

There is little to differentiate the QuakeWay Ransomware from other ransomware Trojans. The QuakeWay Ransomware scans the infected computer for files with certain extensions and encrypts them. After encrypting them, the QuakeWay Ransomware displays a ransom note, which demands a ransom payment from the victim. The ransom note is dropped on the infected computer's Desktop in a text file named '__iWasHere.txt'. This file demands that the victim contact the con artists at the email address 'quakeway@mail.ru' to receive the decryption key needed to recover the affected files.

The QuakeWay Ransomware Ransom Note

Since the QuakeWay Ransomware uses a combination of the RSA and AES encryption algorithms, it is currently not possible to recover the files encrypted in the attack. The QuakeWay Ransomware marks the files it encrypts with the file extension '.org', which is added to each file it manages to compromise. In its attack, the QuakeWay Ransomware targets user-generated files, which may include media files, audio, video, photos, and a wide variety of file types associated with software such as Libre Office, Microsoft Office, Adobe Photoshop, 7Zip, Adobe Acrobat, AutoCAD, etc. After encrypting the victim's files, the QuakeWay Ransomware demands a ransom payment by dropping a text file on the infected computer. The full text of the QuakeWay Ransomware ransom note reads:

'===> Your files content changed to unreadable content to you and your PC, For restore operation send an email to quakeway@mail.ru and send your UID came bellow as mail subject you will get back all of your files by instruction as our reply.
===> WARNING !!!Dont be stupid to delete this TXT file(or any change on your locked folder),else YOUR FILES WILL BE CORRUPT AND CANNOT BE RESTORED ANYWAY! EVEN BY INSERT TRUE CODE !
===> ATTENTION !!This is not a Ransomware. We don't need your money Just wanna care you and upgrade your security.
Your System UID for email it is -->> [EDITED]: [EDITED] <-- We answer it during 7 days.'

Dealing with the QuakeWay Ransomware Infection

PC security researchers strongly advise computer users to refrain from paying the QuakeWay Ransomware ransom. There is no guarantee that the people responsible for the QuakeWay Ransomware attack will deliver the decryption key necessary to recover the affected files. Furthermore, paying the QuakeWay Ransomware ransom simply enables the people responsible for the QuakeWay Ransomware attack to continue creating these infections. Instead of paying the QuakeWay Ransomware ransom, you should have file backups on an external memory device. The ability to recover the files encrypted in the QuakeWay Ransomware attack is the best protection against the QuakeWay Ransomware and other ransomware Trojans that may use a similar strategy to attack your computer.

File System Details

QuakeWay Ransomware may create the following file(s):
# File Name MD5 Detections
1. File.exe 82e1295d92903394972cd466e9c04062 0
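
The indicators named on this page (the '__iWasHere.txt' note, the added '.org' extension, and the MD5 listed for File.exe) can be checked on a host with a short triage script. The Python below is an added example, not code from the original page; the function names, the choice to hash only .exe files, and the rule that skips a bare 'name.org' file are assumptions.

```python
import hashlib
import os
import sys
from pathlib import Path

# Indicators taken from this page.
NOTE_NAME = "__iwashere.txt"   # ransom note name, compared case-insensitively
MARKER_EXT = ".org"            # extension added to encrypted files
DROPPER_MD5 = "82e1295d92903394972cd466e9c04062"  # File.exe in the table above


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root):
    """Return sorted (kind, path) findings for every file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                findings.append(("ransom_note", str(path)))
            # Assumption: the marker follows the original extension
            # (report.docx.org). A bare notes.org is skipped so ordinary
            # Org-mode files do not raise alerts.
            elif lower.endswith(MARKER_EXT) and Path(path.stem).suffix:
                findings.append(("encrypted_file", str(path)))
            # Assumption: only executables are hashed, to keep the scan fast.
            elif lower.endswith(".exe"):
                try:
                    if md5_of(path) == DROPPER_MD5:
                        findings.append(("known_md5", str(path)))
                except OSError:
                    pass  # unreadable or locked file: skip and keep scanning
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home()
    for kind, path in scan(target):
        print(f"{kind}\t{path}")
```

A 'ransom_note' hit together with many 'encrypted_file' hits in the same profile is a much stronger signal than either alone, since a renamed sample will not match the single MD5.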
