Quax0r Ransomware

The files and valuable data of computer users are under threat from another dangerous ransomware. Tracked by cybersecurity researchers as Quax0r Ransomware, this threat can affect various different file types and leave them in a completely inaccessible state. The potency of the threat is not diminished by the fact it is classified as being a variant of the already analyzed Rozbeh Ransomware. Keep in mind that it is also possible to encounter Quax0r under the name NominatusCrypto.

Once it has been activated on the breached device, the threat will activate its encryption routine. Unlike most malware of this type, however, Quax0r leaves the names of the locked files intact. Another uncommon trait of the malware is that its ransom note is displayed in a Command Prompt window. The short ransom-demanding message simply states that victims of the threat must contact the threat actors. Instead of an email address, the operators of Quax0r Ransomware leave their victims with a discord account at 'Nominatus#9251.' The note also warns affected users that restarting their account could lead to permanent loss of data.

The full text of the instructions found in the Command Prompt window is:

All files have been encrypted by NominatusCrypto ( Quax0r ) contact the creator of this virus on discord Nominatus#9251 for more information if you restart then your account will be useless! files cannot be decrypted without paying the ransom to the creator!! live or die? make your choice now!