Qeza Ransomware

Qeza is a newly discovered ransomware threat identified by researchers during their analysis of potentially harmful programs. Ransomware is malicious software that encrypts data on a victim's machine and demands payment in exchange for decrypting it. Qeza operates by encrypting files and appending the extension '.qeza' to their filenames. For example, a file originally named '1.jpg' would be renamed to '1.jpg.qeza' after encryption, and '2.pdf' would become '2.pdf.qeza'.

Furthermore, Qeza has been identified as a variant within the STOP/Djvu Ransomware family. This connection suggests that Qeza may be distributed alongside other malware threats, such as information stealers like Vidar and RedLine. This combination of threats indicates a potentially complex and coordinated attack strategy by cybercriminals.

The Qeza Ransomware May Leave Various Files Inaccessible

Qeza's ransom note informs victims that their files have been encrypted and that the only way to get them back is by paying a ransom for a decryption tool along with a unique key. The note also mentions that the attackers will decrypt one file (not containing valuable information) for free to demonstrate their capability. Contact information provided in the note includes two email addresses: support@freshingmail.top and datarestorehelpyou@airmail.cc.

The ransom amount specified in the note is $999, which can be reduced to $499 if victims contact the threat actors within 72 hours. The ransom note emphasizes that data recovery is impossible without payment.
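
A triage example built from the indicators above, added here and not taken from the original page or from any vendor tool: it walks a directory tree, lists files carrying the appended '.qeza' extension together with their original names, and flags small files that contain either contact address from the note. The function names, the 64 KB size limit and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the page: the appended extension and the two
# contact addresses quoted in the ransom note.
ENCRYPTED_EXT = ".qeza"
NOTE_ADDRESSES = (b"support@freshingmail.top", b"datarestorehelpyou@airmail.cc")
MAX_NOTE_BYTES = 64 * 1024  # assumption: a ransom note is a small text file

def triage(root):
    """Return (encrypted, notes, per_dir) for the tree under root."""
    encrypted, notes, per_dir = [], [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # '1.jpg.qeza' -> '1.jpg': the extension is appended, not swapped
                encrypted.append((path, name[: -len(ENCRYPTED_EXT)]))
                per_dir[dirpath] = per_dir.get(dirpath, 0) + 1
                continue
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read().lower()
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if any(addr in data for addr in NOTE_ADDRESSES):
                notes.append(path)
    return encrypted, notes, per_dir

def demo():
    """Run triage over a constructed sample tree (not real victim data)."""
    samples = {"1.jpg.qeza": b"\x00" * 16, "docs/2.pdf.qeza": b"\x00" * 16,
               "docs/plan.txt": b"meeting at 10",
               "docs/note.txt": b"write to Support@FreshingMail.top"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        encrypted, notes, per_dir = triage(root)
        return (sorted(orig for _p, orig in encrypted),
                [os.path.basename(n) for n in notes], sum(per_dir.values()))

if __name__ == "__main__":
    print(demo())
```

The per-directory counts returned by `triage` show how far encryption spread, which helps decide which backups need to be restored.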

The STOP/Djvu Ransomware starts its operations with multi-stage shellcode, which ultimately leads to file encryption. The malware incorporates loops to prolong its execution time, making it challenging for security systems to detect and stop its activities.

Moreover, the ransomware employs dynamic API resolution to access the functions it needs stealthily. It also uses a technique called process hollowing, running a copy of itself disguised as a legitimate process to evade detection and hide its malicious intent.

Crucial Security Measures to Implement on All Devices

Implementing crucial security measures on all devices is essential to protect against ransomware threats. Here are important steps that users should take:

  • Keep Software Updated: Make sure that all operating systems, software applications, and anti-malware programs are regularly updated with the latest security patches. Vulnerabilities in outdated software are frequently exploited by ransomware and other malware.
  • Use Strong, Unique Passwords: Use complex passwords for all accounts and devices. Consider using a password manager to generate and store passwords securely. Avoid using the same or similar passwords across multiple accounts.
  • Enable Two-Factor Authentication (2FA): Enable two-factor authentication wherever possible. This adds another security layer by asking for a second form of verification in addition to your password.
  • Back Up Data Regularly: Regularly back up important data and files and keep the copies on an external hard drive, cloud storage, or another safe location that is not continuously connected to your devices. This ensures that you can recover your data without paying a ransom in case of an attack.
  • Be Cautious of Email Attachments and Links: Never open attachments or click on links in emails from unknown or suspicious sources. Ransomware often spreads through phishing emails containing malicious attachments or links.
  • Use Reliable Security Software: Install reputable anti-malware software on all devices. Install all available updates and perform regular scans to detect and remove threats, including ransomware.
  • Educate and Train Users: Educate yourself and others in your household or organization about ransomware threats and safe computing practices. Train users to recognize phishing attempts, suspicious websites, and risky behaviors.
  • Limit User Privileges: Restrict user privileges on devices to reduce the impact of ransomware in case a device is compromised. Users should only have access to the resources necessary for their tasks.
  • Enable Firewall: Ensure that a firewall is enabled on all devices to monitor and control incoming and outgoing network traffic. This helps block unauthorized access and potentially harmful connections.

By implementing these security measures, users can significantly lessen the risk of falling victim to ransomware attacks and protect their devices and data from cyber threats.

The ransom note dropped by the Qeza Ransomware is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Do not ask assistants from youtube and recovery data sites for help in recovering your data.
They can use your free decryption quota and scam you.
Our contact is emails in this text document only.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that's price for you is $499.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshingmail.top

Reserve e-mail address to contact us:
datarestorehelpyou@airmail.cc

Your personal ID:'