Warning about Ransomware Sqpc, belonging to STOP / Djvu

Sqpc appends its own .sqpc extension to every file it encrypts. For example, the file video.avi is renamed to video.avi.sqpc. Once encryption has finished, Sqpc creates a file named _readme.txt and places a copy in every directory that contains modified files.

Sqpc is similar to the ransomware Muslat, Ferosas and Neras. It encrypts all common file types, so users can no longer open their own documents or photos.

Main information about Sqpc ransomware

Ransomware family: DJVU / STOP ransomware
File extension: .sqpc
Ransom: From $490 to $980 (Bitcoin)
Contact: helpmanager@mail.ch, helpdatarestore@firemail.cc
Trojan detection: Win32/Androm.DSK!MTB, Troj/Qbot-FS, Trojan.Win32.Zenpak.aaka
Symptoms: Your files (photos, videos, documents) have the .sqpc extension and you cannot open them

Sqpc uses AES-256 encryption with a specific decryption key. This key is unique and no other copy of it exists, which means that you will not be able to recover the data without the decryption key.

If Sqpc works in online mode, you cannot access the AES-256 key. The key is stored on a remote server owned by the people who created Sqpc.

To receive the decryption key, victims are told to contact the Sqpc creators via email at helpmanager@mail.ch or via Telegram, and are charged $980. The _readme.txt file states that the computer owner must contact the Sqpc representative within 72 hours of the files being encrypted; in that case the price is cut by 50% (to only $490). However, do not pay for Sqpc. Try other data backups or the Decrypter tool (decryption tool).

[Figure: Example of a file encrypted by Sqpc]

What these viruses have in common is that they all follow the same steps to create a unique decryption key, which is needed to recover the encrypted data.

Another characteristic action of Sqpc ransomware is to change the hosts file. It adds an entry for the Microsoft update server to the hosts file, which leaves the computer unable to receive Windows updates. This can matter a great deal to the ransomware, because an update may reset some files and system settings (changed by the ransomware) to their defaults.
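The hosts-file change described above can be checked for directly. The following is an added example, not code from the original article: it scans a hosts file for entries that override Windows Update host names. The watchlist domains, the function name and the sample file contents are assumptions made for illustration; the article does not list the exact entries Sqpc writes.

```python
import os

# Assumed watchlist of Windows Update domains (not taken from the article).
WATCHED = ("windowsupdate.com", "update.microsoft.com", "windowsupdate.microsoft.com")

def find_blocked_update_hosts(hosts_text, watched=WATCHED):
    """Return (line_no, ip, hostname) for each hosts entry overriding a watched domain."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        fields = entry.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]          # one line may map several names
        for name in names:
            host = name.lower().rstrip(".")        # hosts lookups are case-insensitive
            # Match the domain itself or any subdomain, but not look-alike names.
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, ip, host))
    return findings

# Constructed sample hosts file used when no real one is present.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# 127.0.0.1 update.microsoft.com   (commented out, must be ignored)
127.0.0.1   WindowsUpdate.Microsoft.com download.windowsupdate.com.
0.0.0.0 notwindowsupdate.com
192.0.2.10  intranet.example
"""

if __name__ == "__main__":
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.isfile(path):
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, host in find_blocked_update_hosts(text):
        print(f"line {line_no}: {host} is pinned to {ip}")
```

Any finding means the listed line should be removed from the hosts file after the malware itself has been cleaned, so that Windows Update can reach its servers again.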

Therefore, unless the ransomware is still in development or contains some vulnerability, you cannot recover the encrypted data manually. The only way to prevent the loss of your valuable data is to back up important files regularly, which makes the ransomware's job more difficult.

Note that even if you maintain such backups regularly, they should be kept in a dedicated location that is not on your computer and not connected to your main computer.

Sqpc ransomware can invalidate backups in many ways. The most common are encrypting the backup file and injecting an .exe file. Both are usually discovered only when the backup is needed to restore the system, but you can easily avoid this anyway.

For example, backups can be stored on a USB drive, an external hard drive or an online data storage service.

According to some reports, Sqpc ransomware can also delete or disable backups created with Windows' own backup tool. This backup function is hard to protect, so using a different backup tool is much easier.

Also, be very careful when using OneDrive as a backup method. It starts creating backups without notifying you, so the process is difficult to avoid. Because each new backup overwrites the old one, your OneDrive backup may fill up with files encrypted by Sqpc, and you will lose the ability to use this backup for system recovery.

Obviously, a backup saved on the same computer that is infected with Sqpc ransomware will be encrypted just like the other data files, so you should not store a backup of your device locally. Use the methods mentioned above.

What to do when infected with Sqpc?

Use Malwarebytes Anti-Malware to scan for and remove Sqpc ransomware. Alternatively, download GridinSoft Anti-Malware, the tool Howtofix suggests, then install it and scan your computer.

After Sqpc ransomware has been removed, download Emsisoft Decryptor for STOP Djvu, install it and decrypt the encrypted files.

Finally, be careful with everything you click or download, and read the options carefully while installing software, to avoid being infected by ransomware and other malicious computer viruses.

Update 12 May 2020