Emsisoft releases a free decrypter for ZQ Ransomware

Our research team has uncovered a new ransomware campaign we nicknamed ZQ. Its files have the “.[[email protected]].zq” extension and the ransom note file named “{HELP__DECRYPT}.txt”

Multiple confirmed cases including victims in the United States, India, Poland, Brazil and Great Britain have been reported.

Our security team was quickly able to identify a flaw within the ransomware’s code that can be used to decrypt encrypted files — if you’re a victim of this ransomware, please follow the instructions below and DO NOT PAY the ransom.

Note: The ZQ decrypter to support the “.[[email protected]].ws” variant is now available.

• Download the ZQ Decrypter Here

Emsisoft ZQ Decrypter

Technical details

ZQ is a ransomware that encrypts victim’s files using the Salsa20 and RSA-1024 algorithms, and adds the extension “.[[email protected]].zq” to files.

The ransom note contains the following text:

All of _our files are encr_pted* to decr_pt them write me to email::[email protected]
Your key:
[redacted]

Notes: To use the decrypter, you need an encrypted file and original file to decrypt. In addition, the decrypter can only decrypt up to the size of the given files. E.g., encrypted/original file pair of 100MB = only files UP TO 100MB can be decrypted. More information regarding this limitation is explained in the HOWTO guide.

ZQ Ransomware Decrypted

Download the ZQ Ransomware Decrypter here to get started.

Have a great (malware-free) day.