What is Qoqa Ransomware?
During analysis of malware samples submitted to online threat databases, our research team discovered Qoqa, a ransomware program that is part of the Djvu family. Once it infiltrates a computer, it encrypts the victim's files and adds the extension ".qoqa" to their original filenames. For instance, "1.jpg" would be changed to "1.jpg.qoqa", "2.png" to "2.png.qoqa", etc. Additionally, Qoqa generates a ransom note named "_readme.txt". It's possible that Qoqa is distributed together with information stealers like RedLine or Vidar.
The ransom note explains that the victim's files can only be decrypted with a specific decryption tool and a unique key, both of which the attackers possess. They offer to sell the decryption tool for either $980 or $490, depending on whether the victim contacts them within or after 72 hours. The note also includes two email addresses (support@freshmail.top and datarestorehelp@airmail.cc) that the victim can use to contact the attackers. The attackers claim that victims can send one encrypted file for a test decryption before paying for the decryption tool.
Qoqa Follows Established Djvu Note Template
The complete text of the ransom note produced by Qoqa reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-iftnY5iBx9
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How Can You Protect Your Important Files From Ransomware Similar to Qoqa?
There are several steps you can take to protect your important files from ransomware attacks like Qoqa:
- Keep your operating system and software up-to-date with the latest security patches and updates.
- Install reputable anti-virus and anti-malware software and keep it updated.
- Be cautious when opening email attachments or clicking on links, especially if they are from unfamiliar sources.
- Avoid downloading software or other files from untrustworthy websites.
- Use strong, unique passwords for your accounts and change them regularly.
- Regularly backup your important files to an external hard drive or cloud storage service. This will ensure that even if your files are encrypted by ransomware, you still have access to a clean copy of them.
- Use two-factor authentication whenever possible. This will add an extra layer of security to your accounts and make it more difficult for attackers to gain access.
- Be wary of any unexpected pop-ups or system messages, especially those asking you to download or install software.
By following these steps, you can significantly reduce the risk of ransomware attacks and protect your important files from being encrypted and held for ransom.
