Home Malware Programs Ransomware Qnbqw Ransomware

Qnbqw Ransomware

Posted: June 18, 2018

The Qnbqw Ransomware is a file-locking Trojan that uses a harmful data encryption for holding your documents, pictures and additional media hostage. This threat also creates text-ransoming messages for its victims and modifies the extensions on filenames, and may include other features, such as changing your desktop's wallpaper or deleting the Shadow Volume Copies. Most traditional backup strategies should protect your files from its attacks, and any qualified anti-malware application should remove the Qnbqw Ransomware automatically.

'Locked File' Problems for Russia, Again

Russia's semi-unique status as a nation whose law enforcement strategy encourages criminals to target foreign victims is continuing to erode, as malware experts see more and more releases of spyware, banking Trojans, and file-locking threats specific to that country. One recent confirmation for mid-June of this year is the Qnbqw Ransomware, which is in the live attack stage of its campaign. E-mail messages also are a likely infection vector for this Trojan, which uses a traditional algorithm for stopping the users from opening their media.

Unlike most file-locker Trojans, the Qnbqw Ransomware doesn't misrepresent its encryption method, which uses AES-256 to convert the media files on an infected PC to non-opening versions of themselves. Its name is a reference to the extension that it adds to each file's name, which is its only semi-unique attribute of note. It may or may not be using another encryption method for protecting the key it generates during this routine, and users with files in need of decrypting should contact an appropriate cyber-security specialist for further examination of the free file-unlocking possibilities.

Malware experts also are seeing the Qnbqw Ransomware creating Notepad messages soliciting ransoming negotiations, without any details regarding the payment method or amount. Any victims who can't recover their files from backups should take note of the unique-generated ID number. However, paying the ransom includes a risk of the threat actor taking the money without giving a decryptor solution back whenever the payment uses methods such as cryptocurrency or prepaid vouchers.

Unlocking a Premeditated Cure to an Old Computer Problem

While some file-locking Trojans don't include any additional security for preventing the reverse-engineering of their AES encryption, malware analysts have yet to identify whether or not this is true of the Qnbqw Ransomware, which is in limited distribution against business sector-based victims. Regardless of any chances of unlocking the Qnbqw Ransomware's files freely, users always should back their work up as a general precaution against all Trojans using similar data-encrypting, corrupting or deleting routines. In some, but not all cases, the Windows' Shadow Volume Copies also may be available for restoring your data.

Appropriate network security features and difficult-to-break login combinations are essential to preventing threats like the Qnbqw Ransomware from traveling laterally throughout multiple, network-connected PCs. Spam e-mails also could disguise the Qnbqw Ransomware's installer as being an invoice or another work-related document. Anti-malware programs using modernized threat databases should, regardless, delete the Qnbqw Ransomware or the threats capable of installing it on sight.

The Qnbqw Ransomware is an unremarkable, Windows-based Trojan that puts little effort into marketing or separating itself from its competing threats. However, its authors may very well be thinking that there's no point in adding more development time, as long as the same, old tricks continue working.

Loading...