Ioqa Ransomware is One More Djvu Variant
Researchers recently analyzed malware samples, which led to the discovery of a new variant of ransomware called Ioqa. This ransomware belongs to the Djvu family and is designed to encrypt files on an infected system. When files are encrypted, Ioqa adds the ".ioqa" extension to the end of their original names. In addition, the ransomware generates a ransom note named "_readme.txt" that provides instructions on how to pay the ransom to obtain the decryption key. It is important to note that the Djvu ransomware family is often distributed alongside other malware such as infostealers like Vidar.
The ransom note included with Ioqa states that only a specific decryption tool and a unique key, which are possessed by the attackers, can reverse the encryption of the files. The note also provides information on how to partially pay the ransom and contact details for support (support@freshmail.top) and data restoration (datarestorehelp@airmail.cc) purposes.
According to the note, the decryption tools can be purchased for $980, but a discount of $490 is available for victims who contact the attackers within 72 hours of the encryption. It is important to remember that paying the ransom does not guarantee the recovery of encrypted files and it may only encourage attackers to continue their malicious activities.
The Ioqa Ransom Note Asks for Modest Ransom
The complete text of the Ioqa ransomware note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-vdhH9Qcpjj
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Can Ransomware Variants Like Ioqa Infect Your System?
Ransomware variants like Ioqa can infect your system in a variety of ways. One common method is through email phishing campaigns where attackers send fraudulent emails with malicious links or attachments, which when opened, can download and execute the ransomware on the system.
Another method involves exploiting vulnerabilities in software or operating systems, allowing the ransomware to infiltrate the system and spread throughout the network. Ransomware can also be spread through malicious ads, social engineering tactics, or by exploiting weak passwords or unprotected remote access services.
Once a system is infected, the ransomware can begin encrypting files, and the victim may not realize their system has been compromised until they encounter a ransom note demanding payment for the decryption key.
It is important to take steps to protect against ransomware attacks, such as regularly backing up files, keeping software and operating systems up to date, and avoiding clicking on suspicious links or downloading attachments from unknown sources.
