Waqq Ransomware
Waqq is a form of ransomware that encrypts files stored on the compromised device and subsequently demands a ransom from its victims. Once the encryption process is finalized, Waqq appends its own extension ('.waqq') to the original filenames. Subsequent to the encryption, the ransomware deposits a ransom note in the form of a '_readme.txt' file containing instructions on how to make the ransom payment.
To illustrate, if a file is originally named '1.jpg,' Waqq will alter it to '1.jpg.waqq' once it has been encrypted. Similar to other malware from the STOP/Djvu Ransomware family, Waqq may be distributed alongside additional malware like Vidar and RedLine, which are employed to extract sensitive information from the victim's computer illicitly.
Table of Contents
Victims of the Waqq Ransomware Lose Access to Their Files and Are Extorted for Money
The ransom note provided by the attackers contains essential information for the victims. It includes two email addresses - 'support@freshmail.top' and 'datarestorehelp@airmail.cc,' which the victims are instructed to contact within a specified 72-hour timeframe. Failure to do so would result in the ransom amount doubling from the initial demand of $490 to $980.
Furthermore, the ransom note emphasizes the vital requirement of obtaining decryption software and a unique key from the attackers to recover the encrypted files. The note does offer a glimmer of hope by mentioning that the attackers are willing to decrypt a single file for free, provided that the file does not contain critical data.
However, it is strongly advised against paying the ransom. There have been numerous cases where victims have complied with the demands, only to be left without the promised decryption tools from the cybercriminals. Paying the ransom does not guarantee that the attackers will uphold their end of the bargain.
Moreover, it is of utmost importance to promptly remove ransomware threats from infected computers. This not only halts the further encryption of files on the affected device but also prevents the spread of the threat to other devices connected to the same local network. Taking immediate action significantly reduces the risk of additional damage caused by ransomware.
Take Effectual Measures to Ensure the Safety of Your Devices and Data from Ransomware Threats
To ensure the safety of devices and data from ransomware attacks, users can take several crucial steps:
- Implement Reliable Anti-Malware Software: Install reputable anti-malware software on all devices. Keep the software updated to ensure it can effectively detect and block ransomware threats.
- Regularly Update Operating Systems and Applications: Keep your operating system and software updated by applying the latest security patches. This helps protect against vulnerabilities that ransomware can exploit.
- Exercise Caution with Email Attachments and Links: When opening email attachments or clicking on links, be, especially, from unknown or suspicious sources. Avoid downloading or opening any files or links that seem suspicious or unexpected.
- Backup Data Regularly: Regularly back up important data to an outside hard drive, cloud storage, or another secure location. Ensure that backups are performed automatically and verify the integrity of the backups periodically.
- Enable Automatic Software Updates: Enable automatic updates for the operating system and applications whenever possible. This ensures that security patches are installed promptly, reducing the risk of exploitation by ransomware.
- Be Wary of Suspicious Websites and Downloads: Exercise caution when visiting websites or downloading files from the internet. Stick to reputable sources and avoid downloading files from untrusted or suspicious websites.
- Educate Yourself and Stay Informed: Stay informed about the latest ransomware threats and techniques. Educate yourself and your team about safe browsing habits, phishing awareness, and the importance of cybersecurity practices.
By following these steps and maintaining a proactive approach to cybersecurity, users can significantly reduce the risk of falling victim to ransomware attacks and protect their devices and valuable data.
The text of the ransom note dropped by Waqq Ransomware is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-6Dm02j1lRa
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:'
Waqq Ransomware Video
Tip: Turn your sound ON and watch the video in Full Screen mode.