Azqt Ransomware is a Djvu Variant
During our analysis of malware samples, we came across the Azqt ransomware, which is part of the Djvu malware family. When this ransomware infiltrates a computer, it encrypts files and appends the ".azqt" extension to their file names. For instance, it alters "1.jpg" to "1.jpg.azqt," "2.png" to "2.png.azqt," and so on.
Azqt also generates a ransom note, which is a text document labeled "_readme.txt." Additionally, the distribution of Azqt may involve other types of malware, such as information stealers.
The note explains that all files, including images, databases, documents, and crucial data, have been encrypted using a strong and unique encryption method. It instructs victims to purchase a decryption tool and a key to regain access to their files.
The cost of obtaining the private key and decryption software is $980. However, victims can receive a 50% discount if they reach out to the cybercriminals responsible for the attack within 72 hours, reducing the price to $490. The note emphasizes that data recovery will only be possible after the payment is made.
The note provides two email addresses for communication with the attackers: support@freshmail.top and datarestorehelp@airmail.cc.
Azqt Generates Stardard Djvu Ransom Note
The complete text of the Azqt ransom note goes as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-e5pgPH03fe
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Can You Protect Your Files from Ransomware Attacks?
Protecting your files from ransomware attacks is crucial to safeguard your data and prevent potential loss or extortion. Here are steps you can take to enhance your file security and reduce the risk of falling victim to ransomware:
Regular Backups:
Frequently back up your files to an external storage device or a secure cloud service.
Ensure your backups are automatic and scheduled regularly.
Store backups offline or in a location inaccessible to the network to prevent them from being compromised during an attack.
Update Software:
Keep your operating system and all software (including security software) up to date. Security updates often patch vulnerabilities that ransomware exploits.
Install Antivirus and Anti-Malware Software:
Use reputable antivirus and anti-malware software to detect and block ransomware threats.
Keep these security tools updated with the latest virus definitions.
Email Safety:
Be cautious when opening email attachments or clicking on links, especially if the email is from an unknown source.
Enable email filtering to detect and quarantine phishing emails.
Use Strong, Unique Passwords:
Employ strong and unique passwords for all accounts and devices.
Consider using a password manager to generate and store complex passwords securely.
Enable Two-Factor Authentication (2FA):
Activate 2FA whenever possible to add an extra layer of security to your accounts.
Beware of Suspicious Websites:
Avoid downloading files or software from untrustworthy websites or clicking on pop-up ads.
Use ad-blockers and script-blockers to reduce the risk of malicious ads.
