Patrick Domingues

Victims affected by the ZQ Ransomware can have a breathe of relief due to researchers developing a free decryptor tool to decrypt files encrypted by the ZQ Ransomware.

About The ZQ Ransomware

Michael Gillespie Discovered this specific ransomware that adds a specific ZQ extension to encrypted files. The malware has infected users in the US, India, Poland, Brazil and the UK.

Once the ransomware is installed, it encrypts the victim’s files using the Salsa20 and RSA-1024 algorithms and then it will add the “.w_decrypt24@qq[.]com.zq” extension to the encrypted files.

When the encryption process is complete, the ransomware drops a ransom note named HELP_DECRYPT.txt. The ransom note includes instructions about the payment process. It also includes the contact address of the operators. Victims affected by the ransomware are required to send a message to the email address w_decrypt24@qq[.]com.

How does the decryptor work?

In order to decrypt the files, victims need to remove the malware from the system by using Malwarebytes this will prevent the ransomware from repeatedly locking the system or encrypting files again when your trying to decrypt the files.

Emsisoft has created a free decryption key for the malware – which can be downloaded from the website.

The downloaded decryption key asks for the license number before executing on the system to decrypt files that you will have to provide.

To better protect yourself from these types of incidents again you should follow the best email practices and security tips.

• Automating System Updates with Unattended-Upgrades on Ubuntu
• How to Add a Large Disk Partition as Storage in Proxmox VE
• How to Remove Radmin Viewer with PowerShell
• How to Automate Ubuntu Server System Updates and Package Installation
• Introducing Zevonix: Your Pathway to Smarter IT

Patrick Domingues

See Full Bio