Qapo Ransomware Goes After Popular File Types
Qapo is a variant of Djvu ransomware that our research team uncovered while examining malware samples. Once it has infiltrated a victim's computer, Qapo encrypts the files by appending the ".qapo" extension to their original filenames. For example, "1.jpg" would become "1.jpg.qapo," and "2.png" would become "2.png.qapo."
Qapo also generates a ransom note named "_readme.txt" that instructs the victims to purchase a decryption program and a unique key to regain access to their encrypted files. The attackers offer a discount of $490 for those who pay within 72 hours of the attack, and a full payment of $980 if this time limit is missed. The note also provides two email addresses, support@freshmail.top and datarestorehelp@airmail.cc, that the victims can contact to communicate with the cybercriminals.
It is worth noting that Qapo may be distributed alongside information stealers such as Vidar.
Qapo Ransomware Doubles Ransom After 72 Hours
The full text of the Qapo ransom note goes as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-zUVSNg4KRZ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Can Ransomware Like Qapo Infect Your Computer?
Ransomware like Qapo can infect a computer through various means, including malicious email attachments, fake software updates, malicious downloads from untrusted websites, and exploit kits. One of the most common methods is through phishing emails, where attackers trick users into opening an infected attachment or clicking on a link that leads to a malicious website that automatically downloads the ransomware onto the computer. Once the ransomware is downloaded and installed on the system, it encrypts the victim's files and displays the ransom note, demanding payment in exchange for the decryption key. It is essential to exercise caution when opening emails and attachments, keeping software up to date, and avoiding downloading files from untrusted sources to prevent ransomware infections.
