
Q1G Ransomware

Posted: August 5, 2019

The Q1G Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family. The Q1G Ransomware can stop media, such as Office documents or pictures, from opening, change the extensions on their names, create ransom notes, and delete some formats of backup data. Users should back up work to secure devices and have anti-malware products eliminate the Q1G Ransomware in all cases.

Trojan E-mails Getting Straight to the Point

Continuing its trend of dominating the Ransomware-as-a-Service industry by volume, the family of file-locking Trojans identifiable as both Dharma Ransomware and Crysis Ransomware has a new variant off its leash. The Q1G Ransomware's campaign shows signs of being a novice-level operation, although malware experts see no reasons why that would hamper its data-damaging functions. Attacks by this threat, like other family members, remain capable of blocking documents, and most other media, in perpetuity.

The locking method of the Q1G Ransomware's family includes both AES and RSA encryption for stopping each file from opening, with preferential targets consisting of Word or PDF docs, JPG or BMP pictures, archives, etc. Throughout this procedure, the Q1G Ransomware includes an identifying label, the 'Q1G' extension, which it appends for identifying the hostage media and setting itself apart from the countless, similar Trojans.

Victims can find either TXT or HTA format messages in the Trojan's payload that provide ransom instructions. While malware experts recommend against paying, as with any file-locking Trojan, the Q1G Ransomware's contact details do offer a minor characteristic of note. The Trojan leaves behind little doubt of the for-profit nature of its enterprise by asking for negotiations in e-mail over an AOL address that directly references Bitcoin. This cryptocurrency is a favorite of criminals using Trojans of this classification since the transactions offer little to no refunding potential for ripped-off victims.

Trimming Unnecessary Bitcoin Expenses Out of Your Life

Many of the Q1G Ransomware's features are uninspiring retreads of old attacks from the Crysis Ransomware family, which includes innumerable variants, from the Php Ransomware and the Dqb Ransomware to the much-older Supermagnet@india.com Ransomware and the 'amagnus@india.com' Ransomware. Unfortunately, uncreativity isn't a handicap with file-locking Trojans, and malware researchers are verifying some risks, such as wiping the Shadow Volume Copies, that remain present in this version of the family. These attacks can block users from media recovery through any means other than a secure, offsite backup.
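Two of the behaviors described above, the appended 'Q1G' extension and the wiping of Shadow Volume Copies, are observable on an endpoint and can be turned into detection logic. The following Python is an added example written for this article, not code from the article or from any security vendor. It runs over constructed, simplified Sysmon-style process-creation (Event ID 1) and file-creation (Event ID 11) events embedded inline; the file names, PIDs and command lines are made up for the example. The article only states that the Shadow Volume Copies are wiped, so the specific command lines matched here (vssadmin, wmic, wbadmin) are an assumption drawn from general Windows knowledge, not a claim about how this variant does it.

```python
"""Flag two ransomware behaviours over constructed endpoint telemetry:
(1) a process that issues a shadow-copy deletion command, and
(2) a process that creates a burst of files ending in the '.Q1G' extension.
All events below are constructed for this example."""
import re
from collections import defaultdict

# Assumed (not stated by the article): common Windows commands that delete
# Volume Shadow Copies. Matching is case-insensitive.
SHADOW_WIPE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]

RANSOM_EXT = ".q1g"   # the extension the article says the Trojan appends
BURST_THRESHOLD = 5   # distinct renamed files from one PID before alerting

# Constructed sample events: eid 1 = process create, eid 11 = file create.
SAMPLE_EVENTS = [
    # Benign: an admin merely listing shadow copies must not fire.
    {"eid": 1, "pid": 300, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},
    # Suspicious: deleting all shadow copies quietly.
    {"eid": 1, "pid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    # Six documents rewritten with the appended extension by the same PID.
    {"eid": 11, "pid": 4120, "target": r"C:\Users\alice\Documents\report.docx.Q1G"},
    {"eid": 11, "pid": 4120, "target": r"C:\Users\alice\Documents\budget.xlsx.Q1G"},
    {"eid": 11, "pid": 4120, "target": r"C:\Users\alice\Pictures\holiday.jpg.Q1G"},
    {"eid": 11, "pid": 4120, "target": r"C:\Users\alice\Pictures\scan.bmp.Q1G"},
    {"eid": 11, "pid": 4120, "target": r"C:\Users\alice\Downloads\archive.zip.Q1G"},
    {"eid": 11, "pid": 4120, "target": r"C:\Users\alice\Desktop\thesis.pdf.Q1G"},
    # A single stray file from another PID stays below the burst threshold.
    {"eid": 11, "pid": 900, "target": r"C:\Temp\sample.txt.Q1G"},
    # Ordinary file activity that must not be flagged.
    {"eid": 11, "pid": 900, "target": r"C:\Users\alice\Documents\notes.txt"},
]


def find_shadow_wipes(events):
    """Return (pid, cmdline) for each process-create event whose command
    line matches a shadow-copy deletion pattern."""
    hits = []
    for ev in events:
        if ev["eid"] != 1:
            continue
        if any(p.search(ev["cmdline"]) for p in SHADOW_WIPE_PATTERNS):
            hits.append((ev["pid"], ev["cmdline"]))
    return hits


def find_extension_bursts(events, threshold=BURST_THRESHOLD):
    """Group '.Q1G' file creations by PID and return only the PIDs that
    touched at least `threshold` distinct files."""
    per_pid = defaultdict(set)
    for ev in events:
        if ev["eid"] == 11 and ev["target"].lower().endswith(RANSOM_EXT):
            per_pid[ev["pid"]].add(ev["target"])
    return {pid: sorted(paths) for pid, paths in per_pid.items()
            if len(paths) >= threshold}


def triage(events):
    """Combine both detections into one report keyed by behaviour."""
    return {
        "shadow_wipe": find_shadow_wipes(events),
        "q1g_bursts": find_extension_bursts(events),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_EVENTS)
    for pid, cmd in report["shadow_wipe"]:
        print(f"[shadow-copy wipe] pid={pid} cmdline={cmd!r}")
    for pid, paths in report["q1g_bursts"].items():
        print(f"[Q1G burst] pid={pid} files={len(paths)}")
```

In real telemetry the burst check would be windowed by time and correlated with the shadow-copy hit on the same PID or parent chain; here the two signals are kept as separate functions so each can be tuned and tested on its own.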

Since reversing the Q1G Ransomware's encryption is a solution of questionable availability, preventing infections becomes especially vital for your files' wellbeing. Appropriate steps worth taking include disabling macros, scanning downloads (especially those delivered by torrent, e-mail, or social messaging), and disabling your browser's JavaScript and Flash. The anti-malware programs of most brands can delete the Q1G Ransomware, like most variants of Crysis Ransomware, with few issues.

The coins that the Q1G Ransomware's threat actor hopes to earn are up to the hands and decision-making processes of its victims. Windows users who take good care of their files will avoid paying a price that's even worse than losing money: loss of peace of mind.
