All You Need To Know About .qkG Virus
Cyber security researchers have revealed a new but a unique example of a file-encoder threat named .qkG Virus. First of all, it has been spotted on November 12th, 2017 and written in VBA (Visual Basic for Applications) macro which is especially programmed by the cyber extortionists to encipher the Microsoft Word document only by using XOR cryptography algorithm. Based on the research report, the first sample of this malware was uploaded from Vietnam. However, it is important for you understand that the active distribution for .qkG Virus has not started yet, but you should keep your security measures update in order to protect yourself from the attack of such vicious ransomware virus, as it is still under development phase.
According to the malware analysts, this ransomware might be an experimental file-encrypting virus as well. In case, if you have already become the victim of .qkG Virus, then you should not pay the asked ransom money i.e. 300 USD in the form of Bitcoin. Cyber criminals behind this ransomware encrypts one type of file identified MS Word document, but such type of encoder viruses targets as much file-types as possible for the successful encryption. Besides, it employs Auto Close VBA macro which is reported as a same technique used by the Lukitus virus, known as a latest variant of Locky ransomware. This feature allows the ransomware to execute malicious macros once the victimized computer users close the document.
How Does .qkG Virus Work?
It is especially designed to encrypt the content of the infected Microsoft Word document, and do not change the file structure and name. The malware like .qkG Virus only encode the Active Document which means that only opened MS Word file will be enciphered. It makes copy of itself just by adding 'Document_Open()' autostart macro command onto the affected machine. Besides, the threat also injects malicious code into the normal '.dot' file which is known as a basic Word template. The hardcoded password used by the malware is 'I’m QkG@PTM17! by TNA@MHT-TT2'. In such circumstances, you should take immediate action to remove .qkG Virus effectively from your PC.