
Rooster865qq Ransomware

Posted: November 8, 2019

The Rooster865qq Ransomware is a file-locking Trojan that's a new version of the Maoloa Ransomware. While its media-blocking encryption is a core feature, it can also create ransom notes, change filenames, remove backups, and interfere with other programs through hidden system commands. Have your preferred anti-malware product remove the Rooster865qq Ransomware before falling back on your last secure, and preferably off-site, backup.

The Cock Crowing for Your Files at Dawn

After plundering Greek mythology with the Hermes666 Ransomware and the Hades666 Ransomware, the family of the Maoloa Ransomware is back again, but with an avian theme. Updates of this nature are highly frequent within file-locker Trojan families, although they can coincide with less superficial changes, particularly to the encryption routine. The Rooster865qq Ransomware is, in many ways, staying close to the roots of its ancestors and its familial symptoms.

The Rooster865qq Ransomware's Chinese family is of most interest to the rest of the world because it imitates, relatively precisely, the symptoms of another family, the Globe Imposter Ransomware. Since the Globe Imposter Ransomware is, in and of itself, a copycat of the Globe Ransomware family, these similarities provoke more than a little confusion among victims and, in some cases, even experienced cyber-security researchers. However, malware experts can verify that the Rooster865qq Ransomware is a Maoloa Ransomware variant, sharing the family's file-locking encryption and other properties.

Besides blocking documents and other media by encrypting them, the Rooster865qq Ransomware also issues multiple CMD commands for deleting the Shadow Volume Copies and terminating other programs. It interferes with SQL-related services, Oracle recovery features, and miscellaneous database managers. Such attacks provide the Rooster865qq Ransomware with maximum access to files and backups for blocking and deleting.
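
As an added example (not part of the original article and not code from any anti-malware vendor), the behaviour described above can be hunted in process-creation logs by correlating shadow-copy deletion with database service stops issued by the same parent process. The command-line patterns, event field names and sample events are assumptions constructed for illustration; the article does not list the Trojan's exact commands.

```python
import re
from collections import defaultdict

# Assumed patterns: the article names the behaviours, not the exact command lines.
SHADOW_DELETE = re.compile(
    r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b|\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)
STOP_CMD = re.compile(r"\b(?:net1?|sc)(?:\.exe)?\s+stop\b|\btaskkill(?:\.exe)?\b", re.I)
DB_TARGET = re.compile(r"sql|oracle", re.I)

def classify(cmdline):
    """Label one process command line, or return None if it is not of interest."""
    if SHADOW_DELETE.search(cmdline):
        return "shadow_delete"
    if STOP_CMD.search(cmdline) and DB_TARGET.search(cmdline):
        return "db_stop"
    return None

def detect(events, window=120, min_db_stops=2):
    """Return sorted (host, parent_pid) keys where one parent spawned a shadow-copy
    deletion plus at least min_db_stops database stops within `window` seconds."""
    by_parent = defaultdict(list)
    for ev in events:
        kind = classify(ev["cmdline"])
        if kind:
            by_parent[(ev["host"], ev["parent_pid"])].append((ev["time"], kind))
    alerts = []
    for key in sorted(by_parent):
        hits = by_parent[key]
        for t0 in (t for t, k in hits if k == "shadow_delete"):
            stops = sum(1 for t, k in hits if k == "db_stop" and abs(t - t0) <= window)
            if stops >= min_db_stops:
                alerts.append(key)
                break
    return alerts

# Constructed sample events (hypothetical field names, not taken from a real incident).
SAMPLE_EVENTS = [
    {"time": 100, "host": "db01", "parent_pid": 4312, "cmdline": "cmd.exe /c net stop MSSQLSERVER /y"},
    {"time": 101, "host": "db01", "parent_pid": 4312, "cmdline": "cmd.exe /c taskkill /f /im sqlservr.exe"},
    {"time": 103, "host": "db01", "parent_pid": 4312, "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    # Benign: an administrator stops one service and only lists shadow copies.
    {"time": 500, "host": "db02", "parent_pid": 880, "cmdline": "net stop MSSQLSERVER"},
    {"time": 510, "host": "db02", "parent_pid": 880, "cmdline": "vssadmin list shadows"},
    # Shadow-copy deletion with no database stops stays below the threshold.
    {"time": 700, "host": "ws07", "parent_pid": 2200, "cmdline": "vssadmin delete shadows /for=C: /oldest"},
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Requiring both signals from one parent keeps routine service restarts and legitimate shadow-copy pruning from alerting on their own.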

Quieting the Bird Calling for Money

The Rooster865qq Ransomware is, like nearly every other file-locking Trojan, also an extortionist. It seeks money from blocking media by leaving ransom instructions for buying a possible decryptor. In a change from past attacks, however, the Rooster865qq Ransomware uses an unusual format, an EXE or executable, instead of the more traditional TXT, HTML or HTA. Users should avoid interactions with executables from unsafe sources, since they frequently have some risk of causing further harm to the computer or other devices.

Attacks by this threat can use randomly circulating downloads, such as torrents or fake updates from within your browser, for acquiring targets at random. Still, many versions of file-locking Trojans use more sophisticated tactics, such as brute-forcing admin logins with poor password choices, exploiting outdated software, or targeted e-mail attachments. Monitoring one's browsing experience and network infrastructure for traditional weak points can help with eliminating any exposure to this Trojan beforehand.

Since the Rooster865qq Ransomware is a Windows-based program, it shouldn't surprise readers that its executable is hiding with the name of a default Windows component. Fortunately, a clean majority of anti-malware products current to 2019 will delete the Rooster865qq Ransomware appropriately regardless of these superficial disguises.

Chinese residents are more endangered by the Rooster865qq Ransomware's family than the rest of the world, but the Rooster865qq Ransomware is merely one symptom of an overarching problem. As long as there remain users without backups for monetarily valuable media, there will also be criminals happily taking advantage of that unwise cyber-lifestyle.
