Cryptovirological Discovery: EQ Ransomware

December 24, 2018
Simeon Georgiev

EQ ransomware is another cryptovirological strain that malware hunters discovered this week. Ransomware removal experts dissecting the strain have told us that the malware drops a ‘twitchru.exe’ file onto the affected system as soon as it infiltrates. The purpose of this dropped file is to control and monitor the encryption in real time. The experts are, however, still not sure which encryption method the attackers use.

According to preliminary investigations, EQ ransomware encrypts every type of file on the targeted device and appends the extension ‘gsg’ to their names. Once the encryption is complete, a ransom note in HTML format appears on the screen. The EQ ransomware operators do not mention the extortion amount in the note, but they offer free decryption of one file to prove that they hold the decoder needed for complete ransomware removal.

The second part of the note is rather interesting: the attackers warn victims not to use any security software to attempt ransomware removal and recovery because it can lead to permanent loss of data. It is true that applying the wrong decryption method to encrypted files can corrupt them, so instead of wrestling with locked files on your own it is better to consult security experts. In addition, the EQ operators ‘advise’ victims not to contact any third party for ransomware removal because they might rip them off.

Experts are still working to find out whether EQ deletes the Shadow Volume Copies. If it does, the user cannot retrieve earlier versions of the encrypted files from within the affected device.
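The indicators above (the ‘twitchru.exe’ file, the ‘gsg’ extension, the HTML ransom note, and the open question of Shadow Volume Copy deletion) translate directly into endpoint triage rules. The following is an added example, not code from the original article or from the researchers it cites: it runs simple detection logic over a constructed, assumed log format (one event per line, `event|key=value|...`), and the shadow-copy deletion command patterns are an assumed list of commonly alerted command lines, since the article only says the question is still open for EQ.

```python
"""Triage rules for the EQ indicators reported in the article, run over
constructed endpoint log lines. Added example, not code from the article:
the log format, the sample lines and the shadow-copy patterns are
assumptions; only 'twitchru.exe', the 'gsg' extension and the HTML ransom
note come from the article."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Indicators reported in the article
SUSPECT_PROCESS = "twitchru.exe"
ENCRYPTED_EXT = ".gsg"

# Commonly alerted shadow-copy deletion command lines (assumed list; the
# article only says it is not yet known whether EQ deletes the copies)
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
]

# Constructed sample log: one event per line, "<event>|<key>=<value>|..."
# (an assumed toy format, not any real product's)
SAMPLE_LOG = r"""
process_create|image=C:\Windows\System32\svchost.exe|cmdline=svchost.exe -k netsvcs
process_create|image=C:\Users\Public\twitchru.exe|cmdline=twitchru.exe
process_create|image=C:\Windows\System32\vssadmin.exe|cmdline=vssadmin.exe Delete Shadows /All /Quiet
file_rename|path=C:\Users\alice\Documents\budget.xlsx.gsg
file_rename|path=C:\Users\alice\Documents\report.docx.gsg
file_rename|path=C:\Users\alice\Pictures\holiday.jpg.gsg
file_create|path=C:\Users\alice\Desktop\HOW_TO_DECRYPT.html
file_rename|path=C:\Users\alice\Documents\notes.txt.bak
"""


@dataclass
class TriageResult:
    suspect_processes: List[str] = field(default_factory=list)
    shadow_copy_deletions: List[str] = field(default_factory=list)
    encrypted_files: List[str] = field(default_factory=list)
    html_notes: List[str] = field(default_factory=list)

    def verdict(self, min_encrypted: int = 3) -> str:
        """Two or more strong indicators -> ransomware_activity; one -> suspicious.
        An HTML file on its own is too weak to count (users create HTML files)."""
        strong = sum([
            bool(self.suspect_processes),
            bool(self.shadow_copy_deletions),
            len(self.encrypted_files) >= min_encrypted,
        ])
        if strong >= 2:
            return "ransomware_activity"
        if strong == 1 or (self.html_notes and self.encrypted_files):
            return "suspicious"
        return "clean"


def parse_line(line: str) -> Tuple[str, Dict[str, str]]:
    """Split '<event>|k=v|k=v' into the event name and a field dict."""
    event, *pairs = line.split("|")
    fields: Dict[str, str] = {}
    for pair in pairs:
        key, _, value = pair.partition("=")
        fields[key] = value
    return event, fields


def basename(path: str) -> str:
    """Lower-cased final path component, tolerating both slash styles."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> TriageResult:
    """Apply the indicator rules to every non-empty log line."""
    result = TriageResult()
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        event, f = parse_line(line)
        if event == "process_create":
            image, cmdline = f.get("image", ""), f.get("cmdline", "")
            if basename(image) == SUSPECT_PROCESS:
                result.suspect_processes.append(image)
            if any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS):
                result.shadow_copy_deletions.append(cmdline)
        elif event in ("file_rename", "file_create"):
            path = f.get("path", "")
            if path.lower().endswith(ENCRYPTED_EXT):
                result.encrypted_files.append(path)
            elif event == "file_create" and path.lower().endswith((".html", ".htm")):
                result.html_notes.append(path)
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"verdict={r.verdict()} suspect={r.suspect_processes} "
          f"shadow={r.shadow_copy_deletions} encrypted={len(r.encrypted_files)} "
          f"notes={r.html_notes}")
```

The verdict deliberately requires two independent strong indicators before it says "ransomware_activity": a burst of renames to the ‘gsg’ extension, the dropped ‘twitchru.exe’, or a shadow-copy deletion each alone could be a false positive, and an HTML file on the desktop alone proves nothing. In a real deployment the same rules would be fed from Sysmon or EDR events rather than the toy format used here.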

Compromised Remote Desktop Protocol (RDP) access and phishing emails are the most common distribution methods currently used by ransomware operators, so the EQ operators are presumably using one of the two as well.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]
