Emsisoft releases a free decrypter for ZQ Ransomware

ZQ Decrypter

Our research team has uncovered a new ransomware campaign that we nicknamed ZQ. Files it encrypts carry the “.[[email protected]].zq” extension, and its ransom note file is named “{HELP__DECRYPT}.txt”.

Multiple confirmed cases have been reported, including victims in the United States, India, Poland, Brazil and Great Britain.

Our security team was quickly able to identify a flaw within the ransomware’s code that can be used to decrypt encrypted files — if you’re a victim of this ransomware, please follow the instructions below and DO NOT PAY the ransom.

Note: A version of the ZQ decrypter that supports the “.[[email protected]].ws” variant is now available.

Emsisoft ZQ Decrypter

Technical details

ZQ is ransomware that encrypts a victim’s files using the Salsa20 and RSA-1024 algorithms and appends the extension “.[[email protected]].zq” to each file.

The ransom note contains the following text:

All of _our files are encr_pted* to decr_pt them write me to email::[email protected]
Your key:

Notes: To use the decrypter, you need a file pair: an encrypted file and the original, unencrypted version of the same file. In addition, the decrypter can only decrypt files up to the size of the given pair. For example, with an encrypted/original file pair of 100MB, only files UP TO 100MB can be decrypted. This limitation is explained further in the HOWTO guide.
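The size limit above is what a stream cipher produces when its keystream is reused: XORing an encrypted file with its original yields the keystream, but only as many bytes as the pair is long. This page does not describe the actual flaw, so that mechanism is an assumption. The following is an added Python example, not Emsisoft's decrypter code, and it uses a SHA-256 counter-mode stand-in for Salsa20 with a constructed key and constructed file contents.

```python
import hashlib

def toy_keystream(key: bytes, length: int) -> bytes:
    """Stand-in keystream generator (SHA-256 in counter mode), NOT Salsa20."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "little")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, stopping at the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_flawed(plaintext: bytes, key: bytes) -> bytes:
    """Assumed flaw: every file is XORed with the same keystream from offset 0."""
    return xor(plaintext, toy_keystream(key, len(plaintext)))

def recover_keystream(encrypted: bytes, original: bytes) -> bytes:
    """Known-plaintext step: ciphertext XOR plaintext = keystream."""
    if len(encrypted) < len(original):
        raise ValueError("encrypted file is shorter than its original")
    return xor(encrypted[:len(original)], original)

def decrypt_with_pair(target: bytes, keystream: bytes):
    """Return (recovered bytes, count of bytes beyond the known keystream)."""
    n = min(len(target), len(keystream))
    return xor(target[:n], keystream[:n]), len(target) - n

if __name__ == "__main__":
    key = b"constructed-demo-key"                # constructed; never seen by the defender
    original = b"known original document " * 4   # constructed 96-byte file of the pair
    ks = recover_keystream(encrypt_flawed(original, key), original)
    for name, data in [("small.txt", b"quarterly figures"),
                       ("large.bin", b"Z" * 150)]:
        plain, missing = decrypt_with_pair(encrypt_flawed(data, key), ks)
        print(name, "recovered", len(plain), "bytes,", missing, "not recoverable")
```

Under this assumption, a larger encrypted/original pair extends the recovered keystream and therefore the maximum file size that can be restored.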

ZQ Ransomware Decrypted

Download the ZQ Ransomware Decrypter here to get started.

Have a great (malware-free) day.

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.
