Wanqu is the peculiar name of a newly discovered strain of file-encrypting malware.
The new Wanqu ransomware works largely as expected. It will encrypt most files found on the victim system, leaving OS-essential files intact. Encrypted file types include most media, document, archive and database extensions.
Once encrypted, files receive the ".Wanqu" extension. This will make a file formerly called "photo.jpg" turn into "photo.jpg.Wanqu" upon encryption.
The ransomware deposits its ransom demands inside two separate files, named "RESTORE_FILES_INFO.txt" and "RESTORE_FILES_INFO.hta" respectively. The full ransom note contained in the text file goes as follows:
Many of your documents, photos, passwords, databases and other files are no longer
available as they were encrypted. You may be looking for a way to recover your files,
but don't waste your time. No one will be able to recover your files without our decryption KEY (if someone says they can do it, theywill also contact me and
I will make the price much more expensive than if you contacted directly).
DONT USE GMAIL.COM TO CONTACT US
!!!THE DATARECOVERY COMPANIES JUST WANT YOUR MONEY!!!
!!DATA RECOVERY COMPANIES WILL ONLY INCREASE THE DECRYPTION TIME!!
Can i Recover My Files?Sure. We guarantee that you can recover all your files safely and easily But You have not so enough time .As fast you pay as fastall of your data will be back as before encryption.
Send e-mail to this address: yourdata at RecoveryGroup dot at
Or contact hxxps://supportdatarecovery.cc/users.php user:Wanqu password:zVIJmqEB
You have to pay for decryption in Bitcoins.
Do not rename encrypted files.Do not try to decrypt your data using third party software, it may cause permanent data loss.Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
We also have all your information to share .It is in your best interest to contact us as soon as possible.