A brand new kind of a ransomware has made its way into the circles of the tech industry that has both industry experts and modest home users confused. The reason for its uniqueness in this regard is how it makes use of the GnuPG or the GPG encryption program in order to encrypt the victim’s files. Experts are clamoring to come up with a solution in order to remove ransomware of this nature but those efforts have so far gone in vain. Still at a relatively early stage, the ransomware has been named “Qwerty Ransomware”. It operates by encrypting the user’s original files while simultaneously overwriting them. Any file that is affected is then attached with a .qwerty extension.
Most of the traditional anti-ransomware programs that are designed for quick and precise ransomware removal have so far proven incapable of removing the encryptions. This Qwerty ransomware has somehow managed to turn GnuPG which is in itself a legal program into a lethal ransomware. It is a troublesome combination but it has a past history. Other ransomwares like VaultCrypt and KeyBTC have also been successfully in using GnuPG. Most of the ransomware removal techniques failed to remove them too initially as their structure and complexity is hard to detect.
Something that sets the GnuPG apart is that unlike other ransomwares, it is manually installed by the hackers who manage to gain control of the victim’s Remote Desktop Services. The ransomware and its peculiarity were first noticed by MalwareHunterTeam. Unfortunately, they were unsuccessful in their attempts to gain a full package that would’ve allowed a more holistic analysis.
The GnuPG has a gpg.exe, gnuwin32 shred.exe as well as a separate program to launch the JS file that enables a cloaking effect. This effect acts as both a shield and a ransomware re-enforcer. Ransomware removal techniques have so far failed to make a major dent in its spreading because of the manual control that hackers have over it. An automatic ransomware can be both disabled and removed. However, manual ransomware can be reinstalled anytime a hacker regains access to your computer or its remote desktop service.
For assistance with file recovery and ransomware removal, please contact MonsterCloud – cyber security experts for a professional ransomware removal.
