Pcqq encrypted

Status
Not open for further replies.

struppigel

Moderator
Verified
Staff member
Well-known
Apr 9, 2020
511
Hello Sushil Das

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply.
-------------------------------------------------------------------

The file extension .pcqq has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used. For variants with an online key you cannot decrypt files.

Your options without a backup:

1) Recovery: In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software.
2) Repair: Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will lose some data.
3) Wait: Back up encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
4) Pay: There is the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

Please let me know if you need assistance for any of the steps 1) or 2).
 

Sushil Das

New Member
Thread author
May 16, 2021
9
It seems to be an online key; I checked through Emsisoft.
 

struppigel

Your files cannot be decrypted unless you pay the criminals to get a key. But even if you pay, it's not sure that they will decrypt your files. These are criminals and not trustworthy.
 

Sushil Das

One thing I saw on YouTube as common is that pcqq videos were made 5 or 6 days ago, and there are a few names of persons claimed to have helped the victim. Are they the same hackers promoting themselves, using Instagram names in YouTube comments and claiming to help pcqq ransomware victims? I tried one name and contacted him; he was asking for money first to decrypt, and asking for the money in the form of gift cards. So I blocked them. Maybe they are the hackers themselves.
 

struppigel

This is a scam. One of my colleagues has been analysing and following STOP ransomware for years now. There is no flaw that allows decryption of these files without having the key.
 

Sushil Das

Yes, they are scammers. They claim that they buy the key and decrypt files. How can a person create more trouble for people who are already in trouble and seeking help? They should be punished.
 

struppigel

There are some legitimate companies that indeed do the negotiation and payment with the criminals. However, these would not ask for giftcards.

Is there anything else I can do for you?
 

Sushil Das

Yes, but they ask for more money than those hackers. Now I don't care about the files because I am alive; I can create lots of files, I can take lots of photos, I can make more videos. It just taught me a life lesson: I will now be more conscious about keeping my files safe and back up everything.
 

struppigel

Alright. :) (y)

If you have no other questions, I will wrap up the thread with some infection prevention advice.

  • Regularly back up your files to a drive that is not permanently attached.
  • Keep your programs always up-to-date, including the operating system, browsers, email programs, everything that you use to interact with the web, and also your Antivirus suite.
  • Use exactly one Antivirus suite. Several will get in the way of each other, fight for resources, and potentially detect each other as malicious due to the way AV has to monitor the system.
  • Use browser plugins that prevent ads (aka adblockers) and execution of scripts, e.g., NoScript.
  • Be careful with email attachments and links. Those can potentially contain malware or lead to phishing sites.
  • Avoid using P2P software. This software is sharing files with lots of other computers. Infected files, especially worms, thrive in this environment.
  • Enable viewing of file extensions in file explorer, so that you can recognize double extensions. These are used by malware to trick you into executing their files, e.g. my_great_movie.mp4.exe
  • Don't use illegal software or keygens or similar. Very often they contain malware. STOP ransomware often arrives via some of these illegal tools.
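
The double-extension check from the advice above, as an added example that is not part of the original post: a small Python scan that flags files whose harmless-looking extension is followed by an executable one. The extension lists and sample file names (apart from my_great_movie.mp4.exe) are constructed for illustration and are not exhaustive.

```python
import os
import tempfile

# Extensions that run code when opened on Windows (constructed list, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
# Harmless-looking extensions used as the decoy (constructed list, not exhaustive).
DECOY = {".mp4", ".mp3", ".avi", ".jpg", ".png", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".zip"}


def double_extension(filename):
    """Return (decoy, real) if the name ends in decoy + executable extension, else None."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.rstrip(". ").lower()
    stem, real = os.path.splitext(name)
    # Padding between the extensions ("movie.mp4     .exe") pushes the real one out of view.
    stem = stem.rstrip(" ")
    _, decoy = os.path.splitext(stem)
    if real in EXECUTABLE and decoy in DECOY:
        return decoy, real
    return None


def scan(root):
    """Walk root and return sorted relative paths of files with a double extension."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for f in files:
            if double_extension(f):
                hits.append(os.path.relpath(os.path.join(folder, f), root))
    return sorted(hits)


def demo():
    """Build a constructed sample folder and scan it."""
    names = ["my_great_movie.mp4.exe", "holiday.jpg", "setup.exe",
             "invoice.pdf     .scr", "notes.v2.txt", "Report.DOCX.JS"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        return scan(root)


if __name__ == "__main__":
    for path in demo():
        print("suspicious:", path)
```

Point `scan()` at a downloads folder to list candidates for review; a hit means the name is misleading, not that the file is confirmed malware.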
 

Sushil Das

Thanks
 

Sushil Das

As I already said, they were scammers. Check this YouTube video to see how he took money again and again from a victim who needed help. https://youtu.be/jn4tboIc0PE
 