What is Ransomware?
Ransomware is one of the most talked-about cyber-attacks these days. It is a type of malware (malware, or malicious software, is a set of harmful computer programs such as Trojans and worms that attack your computer and gain access to your sensitive information). Attackers encrypt the user’s data and demand a large payment to release it.
What is pcqq ransomware?
There are many types of ransomware, such as WannaCry and Jigsaw, but pcqq is quite famous. Pcqq belongs to the Djvu ransomware family. The attackers encrypt the victim’s data and add a .pcqq extension to every filename on the victim’s computer, so “assignment.pdf” is renamed to “assignment.pdf.pcqq”. In addition, a _readme.txt file is created in each folder, demanding payment in exchange for returning your data. A screenshot of _readme.txt is attached.
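To see how far the damage reaches before cleaning up or restoring from backup, the two markers described above (the .pcqq suffix and the _readme.txt note) can be inventoried read-only. This is an added example, not part of the original blog; the function names and the sample files in `demo()` are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".pcqq"   # extension appended to filenames, per this page
RANSOM_NOTE = "_readme.txt"  # note dropped in each folder, per this page


def inventory(root):
    """Walk root without modifying anything and summarise pcqq damage."""
    report = {"encrypted": [], "note_folders": [], "clean": 0,
              "by_type": Counter()}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report["note_folders"].append(folder)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                # Strip the added suffix to recover the original filename.
                original = name[:-len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["encrypted"].append((os.path.join(folder, name), original))
                report["by_type"][ext] += 1
            else:
                report["clean"] += 1
    return report


def demo():
    """Build a constructed sample tree and return a summary of the scan."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/assignment.pdf.pcqq", "docs/_readme.txt",
                    "photo.JPG.pcqq", "_readme.txt", "notes.txt"):
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write("constructed sample")
        rep = inventory(root)
        return {"encrypted": len(rep["encrypted"]),
                "originals": sorted(o for _p, o in rep["encrypted"]),
                "note_folders": len(rep["note_folders"]),
                "clean": rep["clean"],
                "by_type": dict(rep["by_type"])}


if __name__ == "__main__":
    print(demo())
```

Pointing `inventory()` at a real folder gives the list of encrypted files with their original names, which is also the list to check against your backups.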
How did I get attacked by this virus?
Should I pay if I get attacked?
The answer is a big NO. You should never pay and encourage the attackers, because in most cases they take the money and never decrypt your data. Instead, you should try to decrypt your files using online decryptors. Sadly, files with the .pcqq extension are hard to decrypt: only approx. 10 files out of 100 are decrypted. But there is still hope.
Steps to remove virus and decrypt your files:
It is preferable to perform these steps in Safe Mode with Networking.
1. Download the Malwarebytes anti-virus from https://www.malwarebytes.com/mwb-download/.
2. Proceed with the free plan.
3. Run a scan.
4. After the scan is completed, click on quarantine. If the app asks for a computer restart, ignore it for now.
5. Next, click on “Done” and go to “Detection history”.
6. Now, check all the checkboxes and click delete.
7. Close Malwarebytes and press Windows + R. Type %appdata% there and press OK.
8. Select all the files and delete them. Also, don’t forget to empty the recycle bin.
9. Press Windows + R again and type %temp%. Select and delete all folders and empty the recycle bin.
10. Now restart your PC. If your files are encrypted with an “offline key”, there is a chance that they can be decrypted using Emsisoft Decryptor for STOP Djvu. (You may use any other decryptor.)
11. If the virus isn’t removed, reinstall Windows.
How to protect yourself from such an attack?
As you know, removal and decryption are a tiring process, so you should avoid them by following these steps:
- Always keep backups of your data in the cloud and on a USB drive.
- Never download cracked versions of software from untrusted websites.
- Don’t trust irrelevant emails received from unknown addresses.
- Run a scan on your PC regularly using anti-virus software and remove all the bugs it finds.
Blog by Urooj Fatima.