Ptqw Ransomware Holds Victim Files Hostage

While examining new malware samples, we've come across a variant of ransomware known as Ptqw. This malicious software encrypts files and alters their names by appending the ".ptqw" extension. Additionally, Ptqw generates a ransom message that can be located in a file called "_readme.txt."

Ptqw alters file names in the following manner: it transforms a file like "1.jpg" into "1.jpg.ptqw" and "2.png" into "2.png.ptqw." It's important to note that Ptqw belongs to the Djvu ransomware family, and it's possible that cybercriminals might distribute it along with information-stealing malware like RedLine or Vidar.

The ransom message, left by the perpetrators, includes instructions and contact email addresses (support@freshmail.top and datarestorehelp@airmail.cc). They advise victims to reach out to them within a 72-hour timeframe to prevent the ransom amount from potentially doubling.

The initial decryption cost is set at $490. However, if the victim fails to respond within the specified time frame, the ransom amount will increase to $980. The message also emphasizes that the sole way to restore the encrypted files is by acquiring the decryption software and a unique key from the cybercriminals responsible for the attack.
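The indicators described above (the appended ".ptqw" extension, the "_readme.txt" note and the two contact addresses) are enough for a quick triage scan of a disk or share. The following is an added example, not code from the original article; the function names are hypothetical and the sample directory tree is constructed for the demonstration.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".ptqw"                      # appended extension, from the article
NOTE_NAME = "_readme.txt"          # ransom note file name, from the article
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")

def is_ptqw_note(path, max_bytes=65536):
    """True if the file is named _readme.txt and contains a contact address from the note."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="replace").lower()
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root and return {directory: {"encrypted": [(current, original)], "note": bool}}."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(EXT) and len(name) > len(EXT):
                # Ptqw appends the extension, so stripping it gives the original name
                report[dirpath]["encrypted"].append((name, name[:-len(EXT)]))
            elif is_ptqw_note(full):
                report[dirpath]["note"] = True
    return dict(report)

def build_sample_tree():
    """Constructed sample tree (not real victim data) for demonstrating triage()."""
    root = tempfile.mkdtemp(prefix="ptqw_demo_")
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("1.jpg.ptqw", "2.png.ptqw", "notes.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, NOTE_NAME), "w") as fh:
        fh.write("ATTENTION!\nwrite on our e-mail:\nsupport@freshmail.top\n")
    # A benign _readme.txt without the contact addresses must not be flagged
    os.makedirs(os.path.join(root, "project"))
    with open(os.path.join(root, "project", NOTE_NAME), "w") as fh:
        fh.write("Build instructions for this project.\n")
    return root

if __name__ == "__main__":
    for directory, info in triage(build_sample_tree()).items():
        print(directory, "note" if info["note"] else "no-note", info["encrypted"])
```

A directory that holds both renamed files and a matching note is a stronger signal than either indicator alone, since "_readme.txt" is also a common benign file name.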

Ptqw Ransom Note Demands $490

The full text of the Ptqw ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-dHFDYXqlkk
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How Can Ransomware Like Ptqw Infect Your System?

Ransomware like Ptqw can infect your system through various methods, with some of the common infection vectors being:

  • Malicious Email Attachments: Cybercriminals often use phishing emails to distribute ransomware. They send emails that appear legitimate, with attachments like PDFs or Word documents that contain malicious macros or scripts. When you open the attachment, it executes the ransomware.
  • Malicious Links: You may receive emails or messages with links that lead to infected websites or files. Clicking on these links can trigger a drive-by download, which installs the ransomware on your system without your knowledge.
  • Exploiting Software Vulnerabilities: Ransomware can take advantage of unpatched or outdated software on your system. If you haven't installed security updates and patches for your operating system or software, ransomware can exploit known vulnerabilities to infiltrate your system.
  • Malicious Downloads: Downloading files or software from untrustworthy sources, such as pirated software or cracked games, can expose you to ransomware. These downloads may contain hidden malware that infects your system when you run them.
  • Remote Desktop Protocol (RDP) Attacks: If your RDP service is exposed to the internet with weak or default passwords, attackers may gain access to your system and deploy ransomware.
  • Malvertising: Cybercriminals may use malicious advertising (malvertising) on websites to deliver ransomware. Clicking on an infected ad can trigger the download and execution of ransomware on your system.
  • Infected External Devices: Ransomware can spread through infected USB drives or external storage devices. Plugging an infected device into your computer can lead to ransomware infection.
October 16, 2023