Home Malware Programs Ransomware Qinynore Ransomware

Qinynore Ransomware

Posted: September 24, 2018

The Qinynore Ransomware is a new version of the Hidden Tear project, a file-locker Trojan whose code is semi-publicly available free of charge. Like any HT variant, the Qinynore Ransomware endangers the media files on your PC by encrypting them automatically and keeping you from opening them. Ignore any ransoming demands from the author, use a trusted brand of anti-malware for removing the Qinynore Ransomware, and restore any data with a free decryptor or backup.

Another Mask for Hidden Tear Comes Out of Hiding

Hidden Tear, as one of the default 'budget' resources for file-locker Trojan campaigns, is re-purposed for a variety of attacks for locking digital content and, in most cases, extorting money by doing so routinely. The changes in cosmetics between different builds can be substantial, as malware experts confirm through samples like the Genocheats Ransomware, thShutUpAndDance Ransomware, the RansomMine Ransomware, or the bug-riddledMoWare H.F.D Ransomware. What communications or visual side effects the victim experiences are up to the individual threat actor, as one may see with the newest version of the Qinynore Ransomware.

The Qinynore Ransomware variant of Hidden Tear locks the user's files with the usual standard of an AES or Rijndael-based algorithm, which converts documents, images, and similar content into encrypted, non-opening versions of themselves. The Trojan also inserts 'anonymous' extensions into the names of the blocked files as part of its theme of representing itself as being affiliated with the Anonymous hacker-activist group. Readers should note that the Qinynore Ransomware isn't the first file-locker Trojan to make this attempt and there is no credible proof connecting the group or any of its members to this or similar campaigns.

Other changes in the Qinynore Ransomware's payload that malware experts outline with interest include its use of an RTF document as a ransom warning and the hijacking of the Windows desktop's background, which it swaps with an Anonymous-themed image. The threat actor is 'selling' his decryption help for four hundred Euros equivalent in Bitcoins, with an included countdown limitation of five hours. However, there is no countdown timer for current versions of the Qinynore Ransomware, which helps with separating it from the similar warnings of, for example, the Jigsaw Ransomware family.

Banishing a Masked Invader from Your Desktop

The Qinynore Ransomware, like its competition, issues warnings that imply that its author is the only person who can provide a decryption solution for your media. However, many versions of Hidden Tear are decryptable by free software, and victims should test copies of their blocked work with these utilities before attempting more costly solutions. Malware researchers also encourage using removable devices and cloud backups for keeping content safe beforehand, especially, since the Qinynore Ransomware's family has a limited capacity for harming those external storage resources.

While its file details suggest a development that goes back to 2016, the Qinynore Ransomware's discovery and analysis are recent relatively. For now, malware researchers can only provide general estimates of its possible means of compromising Windows PCs, such as spam e-mail attachments, exploit kits running on corrupted websites, or Remote Desktop-based attacks. Fortunately, numerous anti-malware products can detect and remove the Qinynore Ransomware easily, as is true with most members of the Hidden Tear family.

The danger of anonymity is that it means that con artists can abuse it just as easily as those who would use a mask for white knight purposes. The Qinynore Ransomware is another entry of many into a list showing how Anonymous's tactics aren't always a net positive, even for their members.

Loading...