Screenshot of the contents of ‘_readme.txt’ file (ransom note) In each folder where the virus encrypted one or more files, it drops a file with the name ‘_readme.txt’. Thus, if the file was called ‘image.jpg’ before encryption, then after it is encrypted it will be called ‘’. zwĮach encrypted file receives a new name, the Qdla virus appends the extension ‘.qdla’ at the end of the file name. Thus, the following common file types can be encrypted: All other files can be encrypted, regardless of where they are located: on the internal disk, external device or cloud storage. lnk and files with the name ‘_readme.txt’. At the same time, there are files that the virus does not encrypt: files located in the Windows system directories, files with the extension. In the process of encrypting files, Qdla tries to encrypt all files on the computer, therefore, to speed up the encryption process, it does not encrypt all the contents of the files, but only the first 154kb. This key, unlike the online key, is the same for all infected computers and can be determined by security researchers. In case when the Qdla virus cannot connect to its command server, it uses the so-called offline key. If, before encrypting the files, the Qdla ransomware was able to establish a connection with its command-and-control (C&C) server, then it uses so called ‘online key’ that is unique to each infected computer. It uses a strong algorithm and a long key to encrypt files. Once installed on a computer, Qdla encrypts files located on the drives connected to the computer.
Upon execution, an instance of Qdla virus is installed on victim’s computer.
Criminals lure unwary users into downloading ransomware by hiding malicious code within cracked versions of paid software, free software, key generators, and so on. It infects the system when the user downloads or runs malware infected files. Qdla ransomware is really a nasty malware that is the 347th version of the STOP (DJVU) ransomware. Screenshot of files encrypted by Qdla virus (‘.qdla’ file extension) QUICK LINKS
0 kommentar(er)
