The STOP/Djvu Ransomware family has made major headlines over the last few years and remains one of today’s most prolific ransomware families. The STOP/Djvu clan frequently releases several new variants, and GGWQ Ransomware is one of the many strains that have emerged from the family.
GGWQ Ransomware takes its name from the ‘.GGWQ’ suffix that it adds to encrypted files. This ransomware strain works exactly like other STOP/Djvu Ransomware family members and spreads mostly via spam emails, social engineering, and compromised websites.
The GGWQ Ransomware Experience
Users unwittingly download GGWQ Ransomware and then find that their files have been encrypted and are inaccessible. Victims will also find a ransom note on their desktop in the form of a ‘.readme.txt’ document. In the ransom note, the cybercriminals request $980 for file decryption, but they are willing to lower the price to $490 in return for payment within 72 hours.
The hackers also provide victims with contact information in the form of two email addresses, restorealldata@firemail and gorentos@bitmessage.ch, and a Telegram account, @datarestore. Victims are also asked to send one file to be decrypted for free as proof that the ransomware operators can unlock the files after receiving payment.
As always, we strongly recommend that victims do not communicate with the hackers and refrain from paying any ransom, as paying does not guarantee that victims will receive a decryption tool.
Surviving a GGWQ Ransomware Attack
In general, we strongly recommend users keep backups of their files on an external drive or virtual cloud storage to mitigate the trouble caused by ransomware infections. But if you find yourself infected by GGWQ Ransomware, we recommend that you use a reputable anti-malware tool to scan for and remove the elements related to this nasty infection.
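Before restoring from backups, it helps to know which files were hit. The Python script below is an added example, not part of the original article or of any anti-malware product: it walks a folder read-only, lists files carrying the ‘.GGWQ’ suffix and any ‘.readme.txt’ note described above, and derives the original file names to pull from backup. The function names and the sample folder tree are constructed for illustration, and it assumes the suffix is simply appended to the original file name.

```python
"""Scope a GGWQ infection: encrypted files, ransom notes, names to restore."""
import os
import tempfile

ENCRYPTED_SUFFIX = ".ggwq"        # suffix from the article, compared case-insensitively
RANSOM_NOTE_NAME = ".readme.txt"  # ransom note name as given in the article


def scope_infection(root, suffix=ENCRYPTED_SUFFIX, note_name=RANSOM_NOTE_NAME):
    """Walk `root` without modifying anything and return a report dict."""
    report = {"restore": {}, "notes": [], "by_dir": {}}
    # onerror: skip unreadable folders instead of aborting the whole scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == note_name.lower():
                report["notes"].append(path)
            elif lower.endswith(suffix) and len(name) > len(suffix):
                # Assumption: original name = encrypted name minus the suffix
                report["restore"][path] = path[: -len(suffix)]
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
    return report


def demo():
    """Build a constructed sample tree, scope it, return basenames only."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Documents/report.docx.GGWQ", "Documents/photo.jpg.ggwq",
                    "Documents/notes.txt", "Desktop/.readme.txt"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        rep = scope_infection(root)
    base = os.path.basename
    return {
        "restore": {base(k): base(v) for k, v in rep["restore"].items()},
        "notes": [base(p) for p in rep["notes"]],
        "by_dir": {base(d): n for d, n in rep["by_dir"].items()},
    }


if __name__ == "__main__":
    print(demo())
```

The per-folder counts show where the damage is concentrated, and the restore mapping is the list of file names to look for in the backup set.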