Ggwq Ransomware Uses Djvu Code

Ggwq is the name of a new strain of ransomware that is based on Djvu code. The new version joins an endless host of ransomware clones based on Djvu.

The Ggwq ransomware will encrypt the majority of the files found on a targeted system. It will affect media, archive, document and database file types. Once encrypted, files receive the ".ggwq" extension, which also serves as the name of this clone. Once encrypted, a file originally called "rainbow.jpg" will turn into "rainbow.jpg.ggwq".

The ransomware note is dropped inside a plain text file called "_readme.txt" and follows the template shared by all recent Djvu clones, word for word. The full ransom note is as follows:

ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
restorealldata at firemail dot cc
Reserve e-mail address to contact us:
gorentos at bitmessage dot ch
Our Telegram account:
@datarestore
Your personal ID: