Wanqu Ransomware

The Wanqu Ransomware carries a potent encryption routine that will leave the data of its victims in an unusable state. Indeed, thanks to the strong cryptographic algorithm, all of the affected documents, PDFsa, archives, databases, and other file types will be locked and restoration without the proper decryption key will be nearly impossible. All of the encrypted files will have '.Wanqu' appended to their names.

Typically, the operators of ransomware attack operations are financially motivated and the Wanqu Ransomware is not an exception. The threat delivers two identical ransom notes to the systems it has infected. One of the notes will be displayed as a pop-up window generated from a file named 'RESTORE_FILES_INFO.hta,' while the other will be contained inside a text file named 'RESTORE_FILES_INFO.txt' files

The messages claim that restoration is possible but victims will have to pay an undisclosed ransom. Only payments made in Bitcoin will be accepted by the hackers. In a rather throwaway line, the ransom notes also mention that some data has been collected from the breached devices and is now in the cybercriminals' possession. Victims can try to establish contact by messaging the 'yourdata@RecoveryGroup.at' email address or using the provided username and password to access the dedicated website of the threat actors.

The text of the ransom notes delivered by Wanqu Ransomware is:

'Hello !!!
Many of your documents, photos, passwords, databases and other files are no longer
available as they were encrypted. You may be looking for a way to recover your files,
but don't waste your time. No one will be able to recover your files without our decryption KEY (if someone says they can do it, theywill also contact me and
I will make the price much more expensive than if you contacted directly).

DONT USE GMAIL.COM TO CONTACT US

!!!THE DATARECOVERY COMPANIES JUST WANT YOUR MONEY!!!
!!DATA RECOVERY COMPANIES WILL ONLY INCREASE THE DECRYPTION TIME!!

Can i Recover My Files?Sure. We guarantee that you can recover all your files safely and easily But You have not so enough time .As fast you pay as fastall of your data will be back as before encryption.

Send e-mail to this address: yourdata@RecoveryGroup.at
Or contact hxxps://supportdatarecovery.cc/users.php user:Wanqu password:zVIJmqEB
You have to pay for decryption in Bitcoins.

ATTENTION !!!

Do not rename encrypted files.Do not try to decrypt your data using third party software, it may cause permanent data loss.Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

We also have all your information to share .It is in your best interest to contact us as soon as possible.

Key Identifier'