Pcqq encrypted

Status
Not open for further replies.
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello Sushil Das

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

The file extension .pcqq has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used. For variants with an online key you cannot decrypt files.

Your options without a backup:

1) Recovery: In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software.
2) Repair: Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will loose some data.
3) Wait: Backup encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
4) Pay: There is the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

Please let me know if you need assistance for any of the steps 1) or 2)
 
  • Like
Reactions: Nevi and Doctor who
D

Doctor who

New Member
Thread author
May 16, 2021
9
struppigel said:
Hello Sushil Das

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

The file extension .pcqq has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used. For variants with an online key you cannot decrypt files.

Your options without a backup:

1) Recovery: In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software.
2) Repair: Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will loose some data.
3) Wait: Backup encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
4) Pay: There is the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

Please let me know if you need assistance for any of the steps 1) or 2)
Click to expand...
It seems to be online key i checked through emisoft
 
  • Like
Reactions: Nevi
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Your files cannot be decrypted unless you pay the criminals to get a key. But even if you pay, it's not sure that they will decrypt your files. These are criminals and not trustworthy.
 
  • +Reputation
  • Like
Reactions: Nevi and upnorth
D

Doctor who

New Member
Thread author
May 16, 2021
9
struppigel said:
Your files cannot be decrypted unless you pay the criminals to get a key. But even if you pay, it's not sure that they will decrypt your files. These are criminals and not trustworthy.
Click to expand...
One thing i saw in youtube as common that pcqq videos are made 5 or 6 days ago and there are few names of person claimed as they helped the victim are they same hacker promoting themself using instagram name in youtube comment claiming to help pcqq ransomeware victims. I tried one name and contacted him he was asking money forst to decrypt and asking money in the form of giftcard. So i blocked them. Maybe they are the hacker themself.
 
  • Like
Reactions: Nevi
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Sushil Das said:
One thing i saw in youtube as common that pcqq videos are made 5 or 6 days ago and there are few names of person claimed as they helped the victim are they same hacker promoting themself using instagram name in youtube comment claiming to help pcqq ransomeware victims. I tried one name and contacted him he was asking money forst to decrypt and asking money in the form of giftcard. So i blocked them. Maybe they are the hacker themself.
Click to expand...
This is a scam. One of my colleauges has been analysing and following STOP ransomware for years now. There is no flaw that allows decryption of these files without having the key.
 
  • Like
  • +Reputation
Reactions: Nevi, upnorth and Doctor who
D

Doctor who

New Member
Thread author
May 16, 2021
9
struppigel said:
This is a scam. One of my colleauges has been analysing and following STOP ransomware for years now. There is no flaw that allows decryption of these files without having the key.
Click to expand...
Yes they are scammer. They claim that they buy key and decrypt files. How can the person create more trouble to the person who are already in trouble and seeking for help. They should be punished.
 
  • Like
Reactions: Nevi and upnorth
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
There are some legitimate companies that indeed do the negotiation and payment with the criminals. However, these would not ask for giftcards.

Is there anything else I can do for you?
 
  • Like
Reactions: Nevi, Doctor who and upnorth
D

Doctor who

New Member
Thread author
May 16, 2021
9
struppigel said:
There are some legitimate companies that indeed do the negotiation and payment with the criminals. However, these would not ask for giftcards.

Is there anything else I can do for you?
Click to expand...
Yes but they ask more money than those hacker. Now i dont care about files bcoz i am alive i can create lot of files and lot of photos i can click i can make more videos now just it taught me a life lesson i will be now more conscious to keep my files safe and backup everything.
 
  • Like
Reactions: Nevi
struppigel

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Alright. :) (y)

If you have no other questions, I will wrap up the thread with some infection prevention advice.

  • Regularly backup your files to a drive that is not permanently attached.
  • Keep your programs always up-to-date, including the operating system, browsers, email programs, everything that you use to interact with the web, and also your Antivirus suite.
  • Use exactly one Antivirus suite. Several will get in the way of each other, fight for resources, and potentially detect each other as malicious due to the way AV has to monitor the system.
  • Use browser plugins that prevent ads (aka adblockers) and execution of scripts, e.g., NoScript.
  • Be careful with email attachments and links. Those can potentially contain malware or lead to phishing sites.
  • Avoid using P2P software. This software is sharing files with lots of other computers. Infected files, especially worms, thrive in this environment.
  • Enable to view file extensions in file explorer, so that you can recognize double extensions. These are used by malware to trick you into executing their files, e.g. my_great_movie.mp4.exe
  • Don't use illegal software or keygens or similar. Very often they contain malware. STOP ransomware often arrives via some of these illegal tools.
 
  • Like
  • +Reputation
Reactions: Nevi, Doctor who and upnorth
D

Doctor who

New Member
Thread author
May 16, 2021
9
struppigel said:
Alright. :) (y)

If you have no other questions, I will wrap up the thread with some infection prevention advice.

  • Regularly backup your files to a drive that is not permanently attached.
  • Keep your programs always up-to-date, including the operating system, browsers, email programs, everything that you use to interact with the web, and also your Antivirus suite.
  • Use exactly one Antivirus suite. Several will get in the way of each other, fight for resources, and potentially detect each other as malicious due to the way AV has to monitor the system.
  • Use browser plugins that prevent ads (aka adblockers) and execution of scripts, e.g., NoScript.
  • Be careful with email attachments and links. Those can potentially contain malware or lead to phishing sites.
  • Avoid using P2P software. This software is sharing files with lots of other computers. Infected files, especially worms, thrive in this environment.
  • Enable to view file extensions in file explorer, so that you can recognize double extensions. These are used by malware to trick you into executing their files, e.g. my_great_movie.mp4.exe
  • Don't use illegal software or keygens or similar. Very often they contain malware. STOP ransomware often arrives via some of these illegal tools.
Click to expand...
Thanks
 
  • Like
Reactions: Nevi and struppigel
D

Doctor who

New Member
Thread author
May 16, 2021
9
struppigel said:
This is a scam. One of my colleauges has been analysing and following STOP ransomware for years now. There is no flaw that allows decryption of these files without having the key.
Click to expand...
As i already said they were scammer check youtube video how he took money again and again from victim who need help.https://youtu.be/jn4tboIc0PE
 
  • Like
Reactions: struppigel and Nevi
Status
Not open for further replies.

Similar threads

Claus
  • Locked
QQKK extension
Replies
2
Views
280
Windows Malware Removal Help & Support
Claus
Claus
david.thinguyen
    • Sad
  • Locked
Please help me "Your data is stolen and encrypted, see README_cb5e29.txt."
Replies
15
Views
875
Windows Malware Removal Help & Support
nasdaq
nasdaq
Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
Security News Online ransomware decryptor helps recover partially encrypted files
Replies
0
Views
1,057
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top