Cybercriminals constantly release new cryptovirological strains and variants of existing ransomware code. In one of the latest discoveries, a team of malware hunters has identified a new variant of Hidden Tear ransomware called Qinynore.
Experts are calling it a successor of Hidden Tear because it uses the same method of payload delivery (email spamming) and the same encryption module to lock down files on targeted devices. However, the extension used by Qinynore is different from its predecessor's: files locked down by Qinynore have ‘.anonymous’ appended to their names.
According to the ransom note (a file in Rich Text Format) that appears on the screen of the affected device once encryption is complete, the attackers demand a ransom of 400 euros in Bitcoin in exchange for providing the key. The attackers also threaten to delete the locked files if their ransom demands are not met within five hours after the attack.
It’s just an empty threat since ransomware strains are not capable of deleting files. The attackers are using this threat to create a sense of urgency so that affected users pay the ransom instead of contacting professionals for ransomware removal. Experts are still working to devise a decrypter for Qinynore ransomware; meanwhile, affected users are advised not to contact the attackers.
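The two indicators described above (the ‘.anonymous’ suffix and an RTF ransom note) are enough for a read-only triage of an affected folder tree; the Python below is an added example, not code from the original article or from any vendor tool. It assumes the suffix is appended to the full original file name and that a note, if present, sits beside renamed files. The names `triage`, `is_rtf` and `build_sample` are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".anonymous"  # extension the article reports for Qinynore
RTF_MAGIC = b"{\\rtf"         # RTF documents begin with these bytes

def is_rtf(path):
    """Identify RTF by content; the article does not give the note's name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(RTF_MAGIC)) == RTF_MAGIC
    except OSError:
        return False

def triage(root):
    """Read-only walk: locked files, candidate notes, and the mtime window."""
    locked, notes, mtimes = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        hits = {f for f in files if f.lower().endswith(LOCKED_SUFFIX)}
        if not hits:
            continue  # assumption: a note, if any, sits beside renamed files
        for name in files:
            path = os.path.join(dirpath, name)
            if name in hits:
                locked.append(path)
                mtimes.append(os.path.getmtime(path))
            elif is_rtf(path):
                notes.append(path)
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"locked": sorted(locked), "notes": sorted(notes), "window": window}

def build_sample(root):
    """Constructed sample tree (not real malware output) for a dry run."""
    samples = {
        "docs/budget.xlsx.anonymous": b"\x00" * 16,
        "docs/README.rtf": b"{\\rtf1 constructed note}",
        "docs/todo.txt": b"plain text",
        "clean/letter.rtf": b"{\\rtf1 ordinary document}",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The returned modification-time window gives a first estimate of when the files were rewritten, which helps when choosing a backup taken before that point.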
Spam emails: the most used payload delivery method
Attackers use spam emails to deliver the cryptovirological payload to many devices in a single go. If you don’t want to get embroiled in ransomware removal and recovery measures after a cryptovirological attack, open emails with caution.
- Don’t open an email attachment that contains unusual, unnecessary and random characters and symbols.
- Refrain from opening email attachments sent from unknown users.