Victims of ZQ Ransomware can decrypt their files for free

Good news for the victims of the ZQ Ransomware, security experts at Emisisoft have released a free decryptor tool.

Good news for the victims of the ZQ Ransomware, security experts at Emisisoft have released a free decryptor tool that allows them to decrypt files for free.

ZQ Ransomware infected users in the US, India, Polland, Brazil and the UK.

The ZQ Ransomware encrypts victim’s files using the Salsa20 and RSA-1024 algorithms. The malware adds the extension “.[w_decrypt24@qq.com].zq” to the encrypted files.

The ransomware drops a ransom note “{HELP__DECRYPT}.txt” on the victims’ machines, it includes payment instructions. Victims can contact operators behind the ransomware sending a message to the email address “w_decrypt24@qq.com”.

“Below the text of the ransom note “All of _our files are encr_pted* to decr_pt them write me to email::w_decrypt24@qq.com
Your key:
[redacted]”

In order to decrypt the files, victims need to provide an encrypted file and original file to decrypt. The Decryptor tool is available at the following link:

https://www.emsisoft.com/decrypter/zq

Below the step by step procedure:

1. IMPORTANT! Make sure you remove the malware from your system first, otherwise it will repeatedly lock your system or encrypt files.
2. Download the free Emsisoft Decrypter for ZQ.
3. Run the executable and confirm the license agreement when asked.
4. Click “Start” to decrypt your files. Note that this may take a while.
5. All done! Gotta crypt ’em all!

Emsisoft has recently released several tools to help victims of several ransomware, including the CryptoPokemon ransomware, the Planetary Ransomware, the Hacked Ransomware, and the PewDiePie ransomware.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware, decryptor)

[adrotate banner=”5″]

[adrotate banner=”13″]