Qinynore Ransomware

What is Qinynore?

Qinynore is a new strain of ransomware virus discovered in late September 2018. It is a variant of Hidden Tear and, aside from cosmetic differences, is virtually identical to many other types of ransomware viruses.

Qinynore adds the file extension “.anonymous” to encrypted files. In addition, Qinynore replaces the infected computer’s desktop wallpaper with a file called “lol.jpg” which features an image of the “V for Vendetta” Guy Fawkes mask commonly associated with Anonymous and information regarding how much your data is being held for ransom, how to pay the ransom, and how much time you have to pay.

The Qinynore ransomware virus replaces your desktop wallpaper with an image like this one featuring instructions on how to pay the ransom.

How does Qinynore infect users?

The most common way for Qinynore and similar ransomware viruses to spread is through spam email campaigns. Spam email will often try to pass itself off as coming from a trusted source in order to increase the odds the recipient will click on the link within and accidentally download the virus.

Qinynore and viruses like it are also typically spread through seedy freeware download websites, file hosting websites, and torrent websites. Trojans already planted on a computer may also download and run Qinynore.

Example of Qinynore Ransom Note: YOU_MUST_READ_ME.rtf

Files has been encrypted with Qinynore ransomware, a Russian Hacker organization in association with anonymous. Send me some bitcoins or say goodbye to your files

Note: Don’t try to be smart, if you are seeing this it means that even if your antivirus detect the virus the files are already encrypted.

Even if you can’t see time is still counting, do not forget, 5 hours to pay since you got infected

How to protect yourself from Qinynore Ransomware

To minimize your chances of becoming infected by Qinynore, exercise caution when web browsing, especially while on less-reputable areas of the internet, such as websites organized around P2P filesharing, freeware downloads, or free file hosting.

Other tips to protect yourself from Qinynore ransomware infection:

  • Do not open email attachments if you do not know the sender
  • Do not open attachments from known senders until you confirm the person actually sent it
  • Keep your antivirus software and operating system up-to-date
  • Back up your data often and keep your backups in a secure location

I’m infected by Qinynore Ransomware – What do I do?

Sometimes, the encryption placed on your files by Qinynore and similar ransomware strains can be removed by rolling back your system to the point before infection or using Volume Shadow Copies to restore the previous versions of your files; however, it has been standard practice for many years now for ransomware viruses to delete Volume Shadow Copies and restore points in order to prevent this plan of action from succeeding.