DWQS Ransomware Joins the Ever Growing STOP/Djvu Ransomware Family
The STOP/Djvu Ransomware family continues to make major headlines as it grows to be one of the most prolific ransomware families globally. It is said that the STOP/Djvu clan releases several new variants every week, and DWQS Ransomware is one of the many variants that have emerged to join the family.
DWQS Ransomware received its name from the ‘.DWQS’ suffix that it adds to the encrypted files. This ransomware strain works just like the other STOP/Djvu Ransomware family members. The same applies to the program’s distribution as DWQS Ransomware spreads mostly via spam emails, social engineering, and compromised websites.
The DWQS Ransomware Experience
Users will unwittingly download DWQS Ransomware, and suddenly, they will find their files encrypted and inaccessible. As mentioned, affected files will have the ‘.DWQS’ suffix, and victims will find a ransom note on their desktop in the form of the ‘.readme.txt’ document. In the ransom note, the cybercriminals request $980 for file decryption, but they are willing to lower the price to $490 in return for payment within 72 hours.
The hackers also provide victims with contact information in the form of two emails (restorealldata@firemail and firstname.lastname@example.org), and a Telegram account (@datarestore). Victims are asked to send one file to be decrypted for free as proof that the ransomware operators can unlock the files after receiving payment.
As always, we strongly recommend that victims do not communicate with the hackers and refrain from paying any ransom, as paying does not guarantee that victims will receive a decryption tool.
Surviving a DWQS Ransomware Attack
In general, we strongly recommend users keep backups of their valuable files to mitigate the trouble caused by ransomware infections. But if you find yourself infected by DWQS Ransomware, we recommend that you use a reputable anti-malware tool to scan for and remove the elements related to this nasty infection.