Cyber security researchers from Italy have discovered a new security flaw that mainly affects almost all versions of MS Office. This vulnerability can let the cyber extortionists to create and distribute macro-based self-replicating malware named ‘qkG Ransomware’ and hide it behind unsuspecting Microsoft Word documents. According to the malware analysts, a self-replicating malware is not a new type of virus and Microsoft has already introduced security mechanism that can limit the virus’ functionality. However, qkG Ransomware have the ability to evade the Microsoft’s security controls quite easily.
Based on the latest research report published by a reputed security firm on November 22nd reveals that a new strain of nasty malware has been developed by the criminal hackers dubbed as ‘qkG Ransomware’ which exploits the feature of MS Office. Instead of an actively used virus, this ransomware looked more like an ‘experimental project’ or a ‘proof of concept’. The malware uses a deceptive technique which allows the execution of harmful macros once the Microsoft Word document is closed. qkG Ransomware is a single file-encrypting virus which is written in the Visual Basic for Applications macros.
Unlike regular ransomware viruses which uses macros only to download the malware executable, qkG Ransomware employ harmful Auto Close VBA macros also used by the variant of Locky Ransomware known as ‘Lukitus Ransomware’ which allows executing macros once the document is closed. The first sample of this ransomware was uploaded from the IP address located in Vietnam which shows that the virus includes a Bitcoin wallet address in a displayed ransom notification and asked the amount of 300 USD. This ransomware mainly spreads with the help of spam email attachments which includes Word documents with harmful VBA code.
Furthermore, qkG Ransomware uses XOR cipher in order to encode the Word files. Depth-analysis revealed that there is no ransom payment had been to the provided Bitcoin wallet address which shows that the malware hasn’t targeted anyone and the ransomware still uses the hard-coded password: ‘I’m QkG@PTM17! by TNA@MHT-TT2’. Typically, the ransomware threats targets as much file types as possible, but the qkG Ransomware only encrypts MS Word documents. It is especially programmed by the hackers to encode only opened Word files. Besides, it uses autostart macro command i.e. ‘Document_Open()’ to the targeted files and makes several copy of itself.
In addition, the file encryption process starts when the infected users closes the document. Therefore, to avoid such vicious attack refrain opening the files attached to spam email arrived from unknown sources and remove qkG Ransomware as soon as possible once it infects your PC. Also, try alternative method for file restoration instead of paying asked ransom money. For complete removal of this ransomware, you can employ a credible anti-malware tool and try to use the best file recovery software in order to restore the Microsoft Word files encoded by qkG Ransomware. Meanwhile, you must perform the file recovery procedure after the successful elimination of this ransomware from your infected Windows machine.
Related Posts
New AgeLocker Ransomware Abuses Legit ‘Age’ Encryption Tool
Five Ways to Check If a Website Is Safe?
Resolve The Recycle Bin on C:/ is corrupted Error on Windows 10
(Resolved) Headphones Not Working In Windows 10
Best Method To Fix The Javaw.exe Error On Windows
(Resolved) 0X000000A5 Blue Screen Stop Error on Windows