Summary of Qyick Ransomware

In August 2022, the cyber world witnessed the emergence of a new threat: Qyick Ransomware. This malicious software quickly caught the attention of the cybersecurity community for its unique approach – being sold as a Ransomware-as-a-Service (RaaS) on various dark web markets. Its ‘lease’ rates ranged from .2BTC to 1.5BTC, offering various levels of customization for its payloads. What sets Qyick apart is its programming language – it’s developed in Go, known for its efficiency, and it boasts support for multiple encryption modes, including the intriguing ‘intermittent encryption‘.

Qyick Ransomware

What Does Qyick Ransomware Target?

Qyick isn’t picky about its victims. It targets a broad spectrum ranging from large enterprises and high-value targets to small and medium businesses (SMBs). The flexibility in its targeting is a direct result of its RaaS model, where affiliates choose their victims based on their own preferences or objectives.

How Does Qyick Ransomware Spread?

Qyick’s distribution channels are as cunning as they are diverse. It primarily spreads through phishing and spear-phishing emails – deceptive communications designed to trick the recipient into installing the ransomware. It also exploits exposed and vulnerable applications and services, and it leverages popular third-party frameworks like Empire, Metasploit, and Cobalt Strike to infiltrate networks.

Qyick Ransomware Technical Details

Late August 2022 saw ‘lucrostm’, a known entity in cybercrime circles, advertising Qyick in a notorious TOR-based crime market. This wasn’t lucrostm’s first rodeo – they were already known for selling remote access tools and malware loaders. Unlike typical RaaS offerings, Qyick was a one-time purchase with a price tag varying from .2 BTC to 1.5 BTC, depending on how tailored the buyer wanted their ransomware. An interesting catch – if the ransomware was detected by security software within six months, the buyer would get a new sample at a significant discount. Qyick’s claim to fame is its intermittent encryption, a technique that accelerates the encryption process, making it a formidable tool for cybercriminals. However, Qyick doesn’t possess data exfiltration capabilities in its current version.

How to Detect Qyick Ransomware

The SentinelOne Singularity XDR Platform stands as a bulwark against Qyick, with its advanced capabilities to detect and thwart the malicious behaviors and artifacts associated with this ransomware.

How to Mitigate Qyick Ransomware

Mitigating the threat posed by Qyick involves employing the SentinelOne Singularity XDR Platform. This platform is adept at identifying and neutralizing the risks associated with Qyick, ensuring your digital environment remains secure.

How to Remove Qyick Ransomware

For those protected by SentinelOne, there’s little to worry about when it comes to Qyick. The platform’s proactive defense mechanisms ensure protection without the need for additional actions. In scenarios where SentinelOne’s policy is set to ‘Detect Only’ and an infection occurs, the platform’s unique rollback capability can reverse the malicious impact and restore encrypted files, as demonstrated in the accompanying video.