Decrypt .qwqd Files Encrypted by DCry Ransomware

Decrypt .qwqd Files Encrypted by DCry Ransomware

.qwqd encrypted file dcry ransomware sensorstechforum

This article aims to reveal how users who have .qwqd files encrypted by DCry ransomware can remove the threat and then decrypt files without paying the ransom to cyber criminals.

DCry ransomware has first been detected at the beginning of July 2017. Its first version is associated with an extension of the same name that renames corrupted data. Presently DCry ransomware has a new strain detected by security researchers. It is known to encrypt valuable data stored on the infected PC then append the malicious extension .qwqd to all encrypted files and demand a ransom from its victims. Hackers contact victims via a ransom note that is dropped on the system so it can appear on the PC screen at the end of the infection. Keep reading and learn how to deal with DCry ransomware complete removal and decrypt .qwqd files.

Threat Summary

TypeRansomware, Cryptovirus
Short DescriptionEncrypts the files on the infected computer. Demands ransom payoff in BitCoin. The ransom varies.
SymptomsThe files are encrypted with the .qwqd file extension added to them. The virus drops a ransom note, named HOW_TO_DECRYPT.txt.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by DCry


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss DCry.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

More Details About DCry Ransomware

This ransomware infection may be spread via several different methods on a global scale. Security experts point out RDP attacks to be the preferred one. The ransomware can be installed by exploiting the RDP protocol and services which allow hackers to establish remote control over the PC. They may utilize various social engineering tricks in order to steal sensitive credentials or penetrate the system unnoticeably. Often spam emails pose as legitimate sources who prompt users to interact with compromised file attachments or links.

DCry ransomware payload contains a malicious executable called Dcry.exe. Once the file is started on the PC, it initiates a scan of all drives aiming to find and encrypt all target files. Each corrupted file receives the malicious extension .qwqd and remains unusable until a decryption key is applied to the decrypter.

.qwqd encrypted file dcry ransomware sensorstechforum

The threat is likely to encrypt frequently used file types that store valuable information so affected users will be more prone to pay the ransom. During the infection process, users may witness system slowdowns caused by ransomware activities performed in the background.

When DCry encrypts all target files it drops a ransom note file HOW_TO_DECRYPT.txt which probably presents the following message:

“Files has been encrypted.
If you want to decrypt, please, write me to e-mail:
Your key: {unique key}”

More about DCry ransomware impacts over the system you can read in our DCry removal guide.

The good news is that the DCry ransomware code has been cracked successfully by security specialists and there is no need to pay the ransom. They have released a freely available decrypter for all .qwqd and .dcry files which you can learn how to use in the instructions below. But first, make sure to get rid of all malicious files and objects associated with the ransomware and backup of all encrypted files.

DCry Ransomware Removal Instructions

The successful decryption of .qwqd files is possible only after the complete DCry ransomware removal. Otherwise, as long as it is running on the system it will encrypt all decrypted files again. Following the steps below will help you to perform either manual or automatic ransomware removal. Beware that an extra scan with an advanced anti-malware tool can detect all malicious files that may remain hidden on the system during the manual removal process.

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for four years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share