Quakeway Ransomware

What is Quakeway Ransomware?

It looks like Quakeway Ransomware might be currently inactive, but users may still come across this malicious program. The malware’s sample our researchers at Anti-spyware-101.com tested did not encipher any files located on the computer, although the infection’s shown warning message claimed the complete opposite. However, it does not mean the threat cannot encipher data since the further research revealed it should be capable of doing so. In such case, the encrypted files should be marked with a second extension called .org, e.g. photograph.jpg.org. It seems to us the best course of action after encountering Quakeway Ransomware is removing the malicious program from the system as soon as possible. It would probably be easier to erase it with an antimalware tool, but you can try the manual deletion instructions available below the text too.

Where does Quakeway Ransomware come from?

Our specialists think Quakeway Ransomware could have been or might still be spread via malicious email attachments, pop-up ads, and so on. Based on our experience with threats like the ransomware we can say that many users come across such malware because of their carelessness. For instance, one of the common mistakes is opening suspicious email attachments received from unknown sources or categorized as Spam. If you believe such data might be genuinely valuable or you feel too curious to leave it be, you should at least check the file with a legitimate antimalware tool that could confirm its reliability or reveal possible threats. Moreover, to keep the system safe, we would recommend staying away from questionable pop-up ads you might find on unreliable web pages. As for software installers, they should be downloaded from reputable sources where such files could not be bundled with dangerous applications.

How does Quakeway Ransomware work?

The application should encipher files with a secure cryptosystem and then display a warning message to inform the user about the situation, but as we said earlier in the text the sample we tested did not behave this way. Apparently, Quakeway Ransomware skipped data encryption and showed us a warning message. It is a short text located in a document named __iWasHere.txt. The text says the files belonging to the user were made unreadable and cannot be opened. Apparently, to recover data the user is supposed to contact the malicious program’s developers via given email and wait till they send instructions on what to do next. What’s more, we noticed that the message warns not to delete the document or else the user will not be able to decrypt his files, but we doubt the removal of this ransom note could have the described outcome.

Lastly, Quakeway Ransomware’s developers state they do not need any money, and they did this (enciphered user’s files) just because they care about your system’s safety. As much as we would like to believe the infection was created to teach careless users a lesson in being more cautious, it is more likely that this statement is made just to convince the user to follow the instructions. Thus, we advise ignoring the note and not to pay money to these hackers no matter what they offer in exchange in order not to get tricked.

How to eliminate Quakeway Ransomware?

Quakeway Ransomware can be erased manually if you find its installer and remove it. Users can do so either manually or while using automatic features. If you choose the first method, you should follow the instructions located at the end of this paragraph, unless you know where the installer is and can get rid of it on your own. Users who choose the second option should install a legitimate antimalware tool and perform a full system scan. The best part is that by choosing the second option you can clean the system from other possible threats and if you keep the tool up to date you might be able to protect the computer from future threats too.

Get rid of Quakeway Ransomware

1. Tap Ctrl+Alt+Delete.
2. Choose Task Manager.
3. See if there is a process associated with the malicious program.
4. Mark this malicious processes and press End Task.
5. Close the Task Manager.
6. Click Win+E.
7. Check directories where you could find the malware’s installer, e.g. Temporary Files, Desktop, Downloads, and other folders.
8. Right-click the suspected file and tap Delete.
9. Find the ransom note (__iWasHere.txt), right-click it and choose Delete too.
10. Leave the File Explorer.
11. Empty your Recycle bin.
12. Restart the computer. Download Removal Tool100% FREE spyware scan and
    tested removal of Quakeway Ransomware*