- ZQ ransomware uses Salsa20 and RSA-1024 algorithms to encrypt victims’ files.
- The malware has infected users in the US, India, Poland, Brazil and the UK.
Victims of the ZQ ransomware can breathe a sigh of relief: researchers have developed a free decryptor tool to decrypt files encrypted by the ransomware.
About ZQ ransomware
ZQ is ransomware that adds a specific extension to encrypted files. This file-locking malware was discovered by security researcher Michael Gillespie. The malware has infected users in the US, India, Poland, Brazil and the UK.
Once the ransomware is installed, it encrypts the victim’s files using the Salsa20 and RSA-1024 algorithms. After that, it appends the “.w_decrypt24@qq[.]com.zq” extension to the encrypted files.
When the encryption process is complete, the ransomware drops a ransom note named HELP_DECRYPT.txt. The ransom note includes instructions about the payment process. It also includes the contact address of the operators. Victims affected by the ransomware are required to send a message to the email address w_decrypt24@qq[.]com.
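The extension and ransom note name described above are enough to scope which folders were hit before cleanup and decryption. The following triage script is an added example, not code from the researchers or from the decryptor. It assumes the on-disk extension is the refanged form of the one printed above and that names should be matched case-insensitively; the sample tree it builds is constructed and contains only empty placeholder files.

```python
import os
import tempfile

# Indicators as printed in the article (the extension is defanged there).
DEFANGED_SUFFIX = ".w_decrypt24@qq[.]com.zq"
ZQ_SUFFIX = DEFANGED_SUFFIX.replace("[.]", ".").lower()  # assumed on-disk form
RANSOM_NOTE = "help_decrypt.txt"  # compared case-insensitively (assumption)


def triage(root):
    """Walk root and return (encrypted, notes).

    encrypted: sorted list of (path, original_name) for files with the ZQ suffix.
    notes: sorted list of paths to HELP_DECRYPT.txt ransom notes.
    """
    encrypted, notes = [], []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            lowered = name.lower()
            path = os.path.join(dirpath, name)
            if lowered == RANSOM_NOTE:
                notes.append(path)
            elif lowered.endswith(ZQ_SUFFIX) and len(name) > len(ZQ_SUFFIX):
                # Strip the appended suffix to recover the pre-encryption name.
                encrypted.append((path, name[:-len(ZQ_SUFFIX)]))
    return sorted(encrypted), sorted(notes)


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    names = [
        "docs/report.docx" + ZQ_SUFFIX,
        "docs/HELP_DECRYPT.txt",
        "docs/untouched.pdf",
        "pics/photo.JPG" + ZQ_SUFFIX.upper(),
        "pics/notes.zq",  # unrelated file that merely ends in .zq
    ]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, found_notes = triage(tmp)
        for path, original in enc:
            print("encrypted:", path, "->", original)
        for path in found_notes:
            print("ransom note:", path)
```

The script only reads directory listings, so it can be run against a mounted copy of an affected disk without touching file contents.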
How does the decryptor work?
In order to decrypt the files, victims are first required to remove the malware from the system. This prevents the ransomware from repeatedly locking the system or encrypting files.
Researchers at Emsisoft have created a free decryption key for the malware, which can be downloaded from the website.
The downloaded decryption key asks for the license number before executing on the system to decrypt files.