Zoqw Ransomware is Another Djvu Clone Seeking Files To Encrypt on Your PC

Our team recently discovered a ransomware belonging to the Djvu family, dubbed Zoqw. This malicious software encrypts files and adds the ".zoqw" extension to their filenames, as well as dropping the "_readme.txt" file containing a ransom note. An example of how it modifies filenames is by renaming "1.jpg" to "1.jpg.zoqw", "2.png" to "2.png.zoqw", and so forth. It is likely that this malware is distributed alongside information stealers such as Vidar or RedLine.

The ransom note states that victims cannot recover encrypted files without decryption software and a unique key only held by the attackers, which can be purchased for either $490 or $980 depending on whether contact with cybercriminals is made within or after 72 hours respectively. Cybercriminals behind Zoqw can be contacted via datarestorehelp@airmail.cc or support@freshmail.top email address, and victims are also offered free decryption of one file (not containing valuable information) before purchasing decryption tools if they wish to do so.

It is important to note that paying the ransom does not guarantee the recovery of encrypted files, and victims should be aware that they may not get their data back even after paying. Therefore, it is recommended to backup important files regularly in order to avoid such situations. Additionally, users should also ensure that their systems are up-to-date with the latest security patches and use reliable anti-virus software.

The full note used by the Zoqw ransomware reads as follows:

ATTENTION!

Don't worry, you can return all your files!

All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

The only method of recovering files is to purchase decrypt tool and unique key for you.

This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.

But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

hxxps://we.tl/t-N3pXlaPXFm

Price of private key and decrypt software is $980.

Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

support@freshmail.top

Reserve e-mail address to contact us:

datarestorehelp@airmail.cc

Your personal ID:

Paying the ransom money demanded by ransomware attackers does not guarantee the recovery of encrypted files. In fact, there is no guarantee that victims will get their data back even after paying. Therefore, it is not recommended to pay the ransom money as it may only encourage cybercriminals to continue their malicious activities. Additionally, paying the ransom may also lead to financial losses and other legal consequences.

It is much better to take preventive measures such as regularly backing up important files and ensuring that your system is up-to-date with the latest security patches and using reliable anti-virus software in order to avoid falling victim to ransomware attacks.