What is and How to Remove Dkq Ransomware
Dkq Ransomware, a member of the Dharma family, encrypts files on infected systems and appends a ".dkq" extension to their filenames. This malware alters original file names to include a unique ID and an email address belonging to the attackers, such as "[dkqcnr@cock.li]".
Ransom Note and Payment Demands
Victims of Dkq ransomware are notified of the encryption through a pop-up window and a text file named "info.txt". The ransom note instructs victims to contact the cyber criminals via email to negotiate the ransom payment in Bitcoin cryptocurrency.
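A responder triaging a suspected Dkq infection usually starts from a file listing: which files carry the renamed pattern described above, where the "info.txt" notes were dropped, and which victim ID and attacker e-mail the filenames embed. The following Python is an added example, not code from the original article or from any vendor tool. The exact layout of the renamed file (original name, then ".id-" plus an eight-hex-character ID, then the attacker e-mail in brackets, then ".dkq") is an assumption made for this example based on the article's description; the ID and e-mail used in the constructed sample are the ones quoted in the ransom note.

```python
import re
from collections import Counter

# Assumed Dharma-style layout: <original>.id-<8 hex chars>.[<email>].dkq
# The article only says the name gains a unique ID and an attacker e-mail plus
# the ".dkq" extension; adjust this pattern to the naming you actually observe.
DHARMA_NAME_RE = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>dkq)$",
    re.IGNORECASE,
)

# Ransom note filename named in the article.
RANSOM_NOTE_NAMES = {"info.txt"}


def parse_encrypted_name(filename):
    """Return the components of a Dharma-style encrypted filename, or None if it does not match."""
    m = DHARMA_NAME_RE.match(filename)
    return m.groupdict() if m else None


def triage_listing(paths):
    """Summarise a list of file paths (Windows or UNC, either slash style):
    encrypted files, ransom notes, and the victim IDs / attacker e-mails seen."""
    encrypted, notes = [], []
    ids, emails = Counter(), Counter()
    for path in paths:
        name = re.split(r"[\\/]", path)[-1]
        if name.lower() in RANSOM_NOTE_NAMES:
            notes.append(path)
            continue
        parts = parse_encrypted_name(name)
        if parts:
            encrypted.append(path)
            ids[parts["victim_id"].upper()] += 1
            emails[parts["email"].lower()] += 1
    return {
        "encrypted": encrypted,
        "notes": notes,
        "victim_ids": dict(ids),
        "emails": dict(emails),
    }


# Constructed sample listing for this example; not real victim data.
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/budget.xlsx.id-9ECFA84E.[dkqcnr@cock.li].dkq",
    "C:/Users/alice/Documents/info.txt",
    "C:/Users/alice/Pictures/holiday.jpg.id-9ECFA84E.[dkqcnr@cock.li].dkq",
    "C:/Users/alice/Pictures/holiday.jpg",           # not (yet) encrypted
    "C:/Windows/System32/ntoskrnl.exe",              # system file, left alone
    "//fileserver/share/report.docx.id-9ECFA84E.[dkqcnr@cock.li].dkq",
]

if __name__ == "__main__":
    result = triage_listing(SAMPLE_LISTING)
    print(f"{len(result['encrypted'])} encrypted file(s), {len(result['notes'])} ransom note(s)")
    print("victim IDs:", result["victim_ids"])
    print("attacker e-mails:", result["emails"])
```

Feeding the output of a recursive directory walk (local drives and mapped shares alike) into `triage_listing` gives a quick scope estimate and a consistent victim ID and contact address to record in the incident, without touching the encrypted files themselves.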
The ransom note reads like the following:
All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: dkqcnr@cock.li YOUR ID 9ECFA84E
If you have not answered by mail within 12 hours, write to us by another mail: d.hanry@tutamail.com
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases, backups, large excel sheets, etc.)
How to obtain Bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Risks and Limitations
Paying the ransom does not guarantee file decryption: cyber criminals often fail to provide decryption keys even after receiving payment. Sending a few files for free test decryption before paying is commonly suggested, but it also carries risks, including potential permanent data loss if the attempted decryption fails.
Characteristics of Dharma Ransomware
Belonging to the Dharma ransomware family, Dkq encrypts both local and network-shared files but avoids critical system files to prevent rendering the infected device inoperable. It terminates processes associated with open files to ensure thorough encryption.
Persistence and Prevention
Dharma ransomware ensures persistence by copying itself to specific system paths and registering with Run keys for automatic execution on system reboot. It also deletes Volume Shadow Copies to hinder file recovery attempts.
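The two behaviours in this section, deleting Volume Shadow Copies and registering a dropped copy under a Run key, are among the most reliable host-level signals for this family, because both happen before or during encryption and both leave process-creation and registry events behind. The following Python is an added example of detection logic run over constructed sample events, not code from the article or from any monitoring product. The event shape (simplified dicts loosely modelled on process-creation and registry-set telemetry) and the list of "suspicious" autostart directories are assumptions for this example; `vssadmin` and `wmic` are the real Windows utilities whose shadow-copy deletion commands this logic matches.

```python
import re

# Command lines that destroy Volume Shadow Copies. Matching these is generic
# ransomware detection logic (vssadmin and wmic are standard Windows tools),
# not a signature specific to Dkq.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.IGNORECASE),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.IGNORECASE),
]

# Autostart registry locations the article refers to as "Run keys".
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Directories where an autostart target is unusual for legitimate software.
# Which paths count as suspicious is an assumption for this example; tune it
# to the software inventory of your own environment.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def classify_event(event):
    """Return a list of alert strings for one event dict, or [] if nothing matched."""
    alerts = []
    if event["type"] == "process_create":
        cmd = event["command_line"]
        if any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS):
            alerts.append(f"shadow-copy deletion: {cmd}")
    elif event["type"] == "registry_set":
        key, value = event["key"], event["value"]
        if RUN_KEY_RE.search(key) and any(d in value.lower() for d in SUSPICIOUS_DIRS):
            alerts.append(f"Run-key persistence into user-writable path: {key} -> {value}")
    return alerts


def scan_events(events):
    """Return (event id, alert) pairs for every event that triggered a rule."""
    return [(e["id"], alert) for e in events for alert in classify_event(e)]


# Constructed sample events for this example; not real telemetry.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create",
     "command_line": "C:\\Windows\\System32\\svchost.exe -k netsvcs"},
    {"id": 2, "type": "process_create",
     "command_line": "vssadmin.exe delete shadows /all /quiet"},
    {"id": 3, "type": "registry_set",
     "key": "HKU\\S-1-5-21-111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc_update",
     "value": "C:\\Users\\alice\\AppData\\Roaming\\svc_update.exe"},
    {"id": 4, "type": "registry_set",
     "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
     "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"},
    {"id": 5, "type": "process_create",
     "command_line": "wmic shadowcopy delete"},
]

if __name__ == "__main__":
    for event_id, alert in scan_events(SAMPLE_EVENTS):
        print(f"event {event_id}: {alert}")
```

In practice the shadow-copy rule is high-confidence on workstations, where nobody runs those commands interactively, and a Run-key value pointing into a profile or temp directory is worth an alert on its own; seeing both from the same host within minutes is the point at which isolating the machine matters more than finishing the investigation.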
Removing Dkq Ransomware
Removing Dkq ransomware from an infected system is crucial but does not restore encrypted files. Recovery of files is only possible from backups stored in separate locations. Prevention strategies include maintaining regular backups and using reputable antivirus software to scan for and remove threats.
Prevention Strategies and Best Practices
To prevent Dkq and similar ransomware infections, avoid opening suspicious email attachments or links and ensure software is downloaded from legitimate sources. Regularly update systems and use strong, unique passwords to protect against brute-force attacks on RDP services.
Understanding the behavior and impact of Dkq ransomware underscores the importance of cybersecurity measures such as backups, vigilant browsing habits, and reliable antivirus software. These practices are essential for protecting against evolving threats in the digital landscape.