Qazx Ransomware Locks Victim Files
Qazx is a type of ransomware that belongs to the Djvu family. Its main purpose is to encrypt files on the victim's computer and demand a payment for the decryption tools. Recently, while examining malware samples on the VirusTotal website, we stumbled upon Qazx. It's worth mentioning that Qazx may also come along with other types of malware such as RedLine or Vidar.
When Qazx encrypts a file, it adds the ".qazx" extension to the original filename. For example, "1.jpg" will be renamed to "1.jpg.qazx", and "2.png" will become "2.png.qazx". Additionally, the ransomware drops a ransom note, which can be found in a file named "_readme.txt". The note confirms that the files have been encrypted, and to restore them, the victim needs to purchase the decryption software and a unique key. The decryption tools cost $980, but if the victim contacts the attackers within 72 hours, they can avail of a 50% discount, reducing the price to $490.
The attackers highlight the importance of payment to restore the files and even offer to decrypt one file for free. The ransom note provides two email addresses that the victim can contact the threat actors through: support@freshmail.top and datarestorehelp@airmail.cc.
Qazx Uses Standard Djvu Note
The complete text of the Qazx ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-zUVSNg4KRZ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Can Ransomware Like Qazx Get On Your Computer?
Ransomware like Qazx can get on your computer in several ways, including:
- Email phishing: Cybercriminals often send emails with malicious attachments or links that, when clicked, download and install the ransomware on the victim's computer.
- Malicious websites: Visiting malicious websites or clicking on pop-up ads can also lead to the installation of ransomware on the victim's computer.
- Exploit kits: Exploit kits are software tools that exploit vulnerabilities in a victim's computer to download and install ransomware.
- Software vulnerabilities: Outdated software on a victim's computer can be exploited by cybercriminals to install ransomware.
- Social engineering: Cybercriminals may use social engineering tactics to trick victims into downloading and installing ransomware, such as posing as a legitimate software update or a trustworthy entity.
It's important to always keep your computer and software up-to-date, use antivirus software, and be cautious when opening emails or clicking on links from unknown sources to reduce the risk of ransomware infection.
