QDLA Ransomware is another addition to the prolific STOP/Djvu Ransomware family. Like other associated variants, it mostly spreads via unreliable downloads, phishing emails, social engineering scams, and questionable advertising content. QDLA Ransomware’s operators are looking to extort victims for a quick payoff by locking their files and then demanding a ransom payment in exchange for file decryption. Most file types can be affected, including photos, music, documents, and videos.
After infiltrating a victim’s computer, QDLA Ransomware appends affected files with the ‘.QDLA’ suffix and drops a ransom note on the user’s desktop in the form of the ‘_readme.txt‘ document. The ransom note, which asks the victim to pay $980 for file decryption, also provides the contact information to communicate and ask hackers any questions. The victims are asked to establish communication via these emails:helpteam@mail.ch and helpmanager@airmail.cc.
Victims who respond to the hackers within 72 hours are offered a 50% discount on the ransom. Additionally, should victims contact the criminals through the emails, they will be told to send one file to the attackers to have it decrypted for free. The hackers do this to prove they can unlock the victim’s files upon paying the ransom. Although cooperating with the cybercriminals behind QDLA Ransomware may feel like the easiest way to solve your issue, you should keep in mind that they will not help you for free, and paying does not guarantee that you will see your files decrypted or even receive any decryption tools.
Dealing with the QDLA Ransomware Infection
If you get infected with QDLA Ransomware, you should scan for the related files using a reputable anti-malware tool. Additionally, to mitigate possible damages in the event of a future attack, you should keep backup copies of your valuable data in an external or a cloud drive.
