Pqgs ransomware removal

Pqgs ransomware is file-encrypting malware that comes from the Djvu/STOP ransomware family. Once it’s initiated on your computer, it will encrypt your personal files and then demand that you pay a ransom to acquire a decryptor. Unfortunately, once files are encrypted, it’s not possible to decrypt them unless you have the decryptor. But the only people who have it are the cybercriminals operating this ransomware. They will try to sell the decryptor to you for $980 but there are certain risks involved in paying the ransom.



Pqgs ransomware is essentially identical to Utjg, Futm, Qmak, and Qdla. They all come from the same Djvu/STOP ransomware group, which has already released hundreds of ransomware versions, with new ones appearing every few days. While these versions are very similar, they can be differentiated by the extensions they add to encrypted files. This ransomware adds .pqgs, which is why it’s called Pqgs ransomware. All your personal files, including photos, images, videos, documents, etc., will have that extension, and you will not be able to open any of them. To make them openable again, you would first need to decrypt the files using a specific decryptor.

While it’s encrypting your files, the ransomware will display a fake Windows update window. Once it’s done with file encryption, a _readme.txt ransom note will be dropped in all folders that contain encrypted files. The note is pretty generic and mostly identical to the notes dropped by other versions of this ransomware. It explains that files have been encrypted and how to obtain the decryptor. Unfortunately, if you want the decryptor, you will need to pay the ransom. The regular price for the decryption tool is $980 but supposedly, if you make contact within the first 72 hours, you would get a 50% discount. Whether that is actually the case or not, paying the ransom is not recommended. Keep in mind that you are dealing with cybercriminals. There is nothing to stop them from simply taking your money and not sending anything back in return. It has happened to many users in the past and you cannot be sure that it will not happen to you if you pay. Unfortunately, that decryptor is currently the only way you can decrypt files.

There is a free Djvu/STOP ransomware decryptor developed by software company Emsisoft but it will only work on Djvu versions released before 2019. More recent versions, including Pqgs ransomware, use online keys to encrypt victims’ files. That means that encryption keys are unique to each victim. Without those keys, it will not be possible to develop a free decryptor. So until those keys are released by the cybercriminals themselves or by law enforcement, you will not be able to decrypt your files. However, it’s not impossible that the keys will become available in the future so back up the encrypted files and wait for a decryptor. When looking for a decryptor, you need to be very careful because there are many fake ones. If you cannot find a decryptor on a legitimate source like NoMoreRansom, you will certainly not find it on some questionable forum.

If you have a backup, you should have no issues with recovering files, provided you first make sure to remove Pqgs ransomware from the computer. If the ransomware is still present when you connect to your backup, your backed-up files would become encrypted as well. So use anti-virus software to delete Pqgs ransomware and only then access your backup.
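The two indicators described above (the .pqgs extension and the _readme.txt note in each affected folder) are enough to take a read-only inventory of what was encrypted, for example to decide which files to copy aside while waiting for a decryptor. The following is an added example, not part of the original article; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".pqgs"      # extension this variant appends (from the article)
RANSOM_NOTE = "_readme.txt"  # note dropped in each affected folder (from the article)


def inventory(root):
    """Walk root read-only and record encrypted files and ransom notes per folder."""
    folders = defaultdict(lambda: {"encrypted": [], "bytes": 0, "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                folders[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                entry = folders[dirpath]
                entry["encrypted"].append(name)
                try:
                    entry["bytes"] += os.path.getsize(os.path.join(dirpath, name))
                except OSError:
                    pass  # unreadable file: still listed, size left out
    return dict(folders)


def summarise(report):
    """Return totals plus folders where only one of the two indicators is present."""
    note_only = sorted(d for d, f in report.items() if f["note"] and not f["encrypted"])
    no_note = sorted(d for d, f in report.items() if f["encrypted"] and not f["note"])
    return {"files": sum(len(f["encrypted"]) for f in report.values()),
            "bytes": sum(f["bytes"] for f in report.values()),
            "note_only": note_only, "encrypted_without_note": no_note}


def build_sample_tree(root):
    """Constructed sample data: placeholder file names only, 10 bytes each."""
    layout = {
        "Pictures": ["holiday.jpg.pqgs", "cat.png.pqgs", "_readme.txt"],
        "Documents": ["report.docx.pqgs"],  # encrypted file, note missing
        "Music": ["song.mp3"],              # untouched folder
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(b"x" * 10)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarise(inventory(tmp)))
```

A file named _readme.txt can also be legitimate, so folders listed under note_only need a manual look before anything is concluded from them.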

Ransomware infection methods

If you have bad online habits, you’re at a much higher risk of picking up some kind of malware infection. In particular, if you open unsolicited email attachments without first checking that they are safe, or download copyrighted content via torrents, you will encounter malware eventually.

Users often end up infecting their computers with malware by opening spam email attachments. Malspam campaigns are one of the easiest and most efficient ways to spread malware widely. All malicious actors need to do is purchase email addresses from hacker forums, write up a semi-convincing email, and attach a malicious file. Because these emails do not target anyone specifically, they are very generic and therefore easy to spot most of the time. The most obvious sign that you’re dealing with a malicious email is grammar/spelling mistakes in what’s supposed to be official correspondence from some company whose services you supposedly use. Another thing you may notice is the sender addressing you as “Customer”, “User”, “Member”, etc., instead of by your name. If the sender claims that you are a customer of theirs, they will always address you by your name in emails they send you. So emails with generic greetings are usually at least questionable. In rarer cases, emails carrying malware can be more sophisticated, especially when they target someone specific. Thus, it’s recommended to always scan email attachments with anti-virus software or VirusTotal before opening them.

If you are a torrent user and use it to download copyrighted content, you’re also at risk of picking up malware. You likely already know this but torrent sites are quite badly regulated, which allows cybercriminals to easily upload malicious content disguised as a torrent for some kind of movie, video game, TV series, software, etc. It’s especially risky to pirate popular and/or recently released content. For example, torrents for recently released Marvel movies will more often than not contain malware.

Pqgs ransomware removal

Because ransomware is a very complex malware infection, use anti-virus software to remove Pqgs ransomware. The program will take care of the infection for you and ensure that all of its components are gone from your computer. Once you delete Pqgs ransomware fully, you can access your backup to start recovering files.

Do not attempt to remove Pqgs ransomware manually because you may not complete the whole process and some parts of the infection may remain. If you connect to your backup while ransomware is still present, your backed-up files would become encrypted as well.

Site Disclaimer

WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.

The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.
