Qapo Ransomware Goes After Popular File Types


Qapo is a variant of Djvu ransomware that our research team uncovered while examining malware samples. Once it has infiltrated a victim's computer, Qapo encrypts the files by appending the ".qapo" extension to their original filenames. For example, "1.jpg" would become "1.jpg.qapo," and "2.png" would become "2.png.qapo."

Qapo also generates a ransom note named "_readme.txt" that instructs the victims to purchase a decryption program and a unique key to regain access to their encrypted files. The attackers offer a discount of $490 for those who pay within 72 hours of the attack, and a full payment of $980 if this time limit is missed. The note also provides two email addresses, and, that the victims can contact to communicate with the cybercriminals.

It is worth noting that Qapo may be distributed alongside information stealers such as Vidar.

Qapo Ransomware Doubles Ransom After 72 Hours

The full text of the Qapo ransom note goes as follows:


Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

How Can Ransomware Like Qapo Infect Your Computer?

Ransomware like Qapo can infect a computer through various means, including malicious email attachments, fake software updates, malicious downloads from untrusted websites, and exploit kits. One of the most common methods is through phishing emails, where attackers trick users into opening an infected attachment or clicking on a link that leads to a malicious website that automatically downloads the ransomware onto the computer. Once the ransomware is downloaded and installed on the system, it encrypts the victim's files and displays the ransom note, demanding payment in exchange for the decryption key. It is essential to exercise caution when opening emails and attachments, keeping software up to date, and avoiding downloading files from untrusted sources to prevent ransomware infections.

March 15, 2023

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.