The STOP/Djvu Ransomware Family Strikes with Another Variant – Rugi Ransomware
Since 2018, the STOP/Djvu Ransomware family has released hundreds of new variants and has fast become one of the world’s most prolific ransomware families. Qmak Ransomware is yet another strain uncovered by researchers. It is referred to as Qmak because of the ‘.Qmak’ extension it appends to the names of affected files. The ransomware behaves like other members of the STOP/Djvu family: it encrypts files and then makes a ransom demand.
Qmak Ransomware targets user-generated files that are likely to be valuable to victims. These files may include databases, spreadsheets, archives, pictures, and videos. In addition, Qmak Ransomware delivers a ransom note named “_readme.txt,” which contains information about the infection and the hackers’ ransom demands.
The Ransom Demand Associated with Qmak Ransomware
Qmak Ransomware’s operators promise to provide a decryption key to unlock the affected files in exchange for $980. However, they say that victims who establish communication within 72 hours after encryption will get a 50% discount on the decryption key. The ransom note also instructs users to contact the criminals via the emails helpmanager@mail.ch or restoremanager@airmail.cc. Should victims contact the hackers, they will offer to decrypt one file for free to prove they can unlock all the affected files if the victim decides to pay the ransom fee.
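The indicators described above (the ‘.Qmak’ extension, the “_readme.txt” note, and the two contact addresses) can be used to scope which folders were hit. The following triage script is an added example, not code from the original article; the function names and the sample folder contents are constructed for illustration.

```python
import os
import tempfile

# Indicators as given in the article: appended extension, note name, contact addresses.
ENCRYPTED_EXT = ".qmak"
NOTE_NAME = "_readme.txt"
NOTE_CONTACTS = ("helpmanager@mail.ch", "restoremanager@airmail.cc")

def note_matches(path):
    """A file named _readme.txt counts only if it carries a known contact address."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            text = fh.read(65536).lower()
    except OSError:
        return False
    return any(addr in text for addr in NOTE_CONTACTS)

def triage(root):
    """Map each affected directory to its renamed files and whether a note is present."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        note = any(f.lower() == NOTE_NAME and note_matches(os.path.join(dirpath, f))
                   for f in files)
        if encrypted or note:
            report[dirpath] = {"encrypted": encrypted, "note": note}
    return report

def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    docs = os.path.join(root, "docs")
    proj = os.path.join(root, "project")
    os.makedirs(docs)
    os.makedirs(proj)
    open(os.path.join(docs, "budget.xlsx.Qmak"), "wb").close()
    with open(os.path.join(docs, "_readme.txt"), "w") as fh:
        fh.write("constructed note text, contact: helpmanager@mail.ch\n")
    with open(os.path.join(proj, "_readme.txt"), "w") as fh:
        fh.write("Build instructions for the project.\n")
    return docs, proj

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, hit in triage(tmp).items():
            print(folder, len(hit["encrypted"]), "renamed file(s), note:", hit["note"])
```

Checking the note's content as well as its name keeps an ordinary “_readme.txt” shipped with other software from being counted as a hit.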
Surviving a Qmak Ransomware Attack
Although cooperating with the hackers may seem like an easy way out of the situation, we strongly advise readers not to engage with them and instead to use a reputable malware remediation program to scan for Qmak Ransomware and remove it from their system. To prevent the loss of data in the case of another ransomware attack in the future, please consider backing up your data on an external hard drive or virtual cloud storage.