Ransomware Report
You can check the latest ransomware information.
- title
- Nqix ransomware
- Registration date
- 2025-09-10
- views
- 82
[ Nqix ransomware ]
[Virus/Malware Activity Reported: Nqix Ransomware]
We are aware of a security breach suspected to be Nqix ransomware and
would like to provide the following information and warning regarding the situation.
Nqix ransomware
The ransomware is called Nqix and appears to be modifying all files with the file name .id - 8-digit unique ID .[support@qbmail.biz].nqix.
How it works
File version
[Figure 1 Ransomware executable file compiler information]
[Figure 2 File information in Windows properties]
Ransomware behavior characteristics
-
Nqix ransomware is a C++-based malware and has been identified as a variant of Dharma ransomware. The executable file is self-obfuscated, making internal code analysis impossible. Upon infection, immediately after encryption, it executes meshta.exe (a ransom note file) located in the system32 directory and copies the ransomware executable and note file (info.hta) to the %AppData%Roaming directory. These files are then registered in the Windows startup registry, ensuring that the same behavior is repeated upon system restart.
[Figure 3 Copying executable files and notes and registering startup program registry]
Infection results
After encryption is complete, a guide file called mshta.exe is created in the system32 folder, and each encrypted file is changed to < file name. extension. id - 8-digit unique ID. [support@qbmail.biz]. nqix >.
[Figure 4 Infection Results]
White Defender response
It also supports real-time automatic restoration of files that were encrypted before WhiteDefender ransomware's malicious actions and blocking.
[Figure 5 Blocking Message]
- Previous post
- No previous posts
- next post
- Cyborg ransomware
