QBAA Ransomware Joins the STOP/Djvu Ransomware Family
The STOP/Djvu Ransomware group continues to grow with another addition to the family – QBAA Ransomware. Like the other variants associated with the prevalent and widely used STOP/Djvu code, QBAA Ransomware renders its victims’ files inaccessible, including photos, music, documents, and video data.
Like other infections from this ransomware family, QBAA Ransomware spreads via phishing campaigns, bundled software, and malicious websites. Once the ransomware has infiltrated the system, the victim’s files are encrypted using the AES-256 encryption algorithm. The ransomware then appends the .QBAA extension to the encrypted files, which is where its name comes from.
Affected users will also find a ransom note on their desktop that demands as much as $980 to restore the files. According to the note, the ransom demand is cut in half to $490 if the victim makes contact via ‘helpteam@mail.ch’ or ‘helpmanager@airmail.cc’ within 72 hours after infection.
QBAA Ransomware operators offer to decrypt one file for free for victims who contact them, as proof that they are able to unlock all affected files. We, however, do not recommend playing ball with hackers, whether by paying the ransom or even by establishing contact with them.
How Do I Deal with a QBAA Ransomware Attack?
We strongly suggest that victims of QBAA Ransomware scan for and remove all elements of this dangerous infection using a reputable malware remediation tool. You can also protect yourself from future attacks by keeping copies of your critical files either in the cloud or on secure external drives.
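To scope recovery after cleanup, the following added example (not part of the original article) inventories files carrying the appended .QBAA extension and checks which of them have a clean copy in a backup location. The function names, the directory layout, and the case-insensitive extension match are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".qbaa"  # extension named in the article; case-insensitive match is an assumption

def scope_recovery(affected_root, backup_root):
    """Return (recoverable, missing): encrypted files with / without a backup copy.

    Each entry is the original file's path relative to affected_root,
    i.e. the encrypted name with the appended extension stripped.
    """
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    recoverable, missing = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            original = name[: -len(ENCRYPTED_EXT)]
            if not original:  # a file named only ".qbaa" has no original name
                continue
            rel = (Path(dirpath) / original).relative_to(affected_root)
            candidate = backup_root / rel
            # A backup only counts if it is a regular, non-empty file
            if candidate.is_file() and candidate.stat().st_size > 0:
                recoverable.append(rel)
            else:
                missing.append(rel)
    return sorted(recoverable), sorted(missing)

def demo():
    """Build a constructed sample tree (hypothetical file names) and scope it."""
    with tempfile.TemporaryDirectory() as tmp:
        affected, backup = Path(tmp, "affected"), Path(tmp, "backup")
        (affected / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (affected / "docs" / "report.docx.qbaa").write_bytes(b"\x00" * 16)
        (affected / "photo.jpg.QBAA").write_bytes(b"\x00" * 16)
        (affected / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("clean copy")
        return scope_recovery(affected, backup)

if __name__ == "__main__":
    ok, lost = demo()
    print("restorable from backup:", [p.as_posix() for p in ok])
    print("no backup copy found:  ", [p.as_posix() for p in lost])
```

Run it only after the infection has been removed, and point `backup_root` at a copy that was offline or otherwise out of reach during the incident.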