Ransomware Research

SQ_ Ransomware

SQ_ is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2016, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: VO_.

Quick Facts

Ransomware Family
SQ_
First Seen
December 1, 2016
Known Aliases
VO_

How SQ_ Ransomware Works

Targeted Files

NOSAMPLE

File Encryption Patterns

SQ_ modifies encrypted files using specific patterns to mark them as encrypted:

Prefixes added to encrypted files:

VO_BA_nk_

Ransom Note and Payment Demands

After encrypting files, SQ_ displays ransom notes demanding payment for file recovery:

fileNK_ IN YOUR FILES..txt

Ransom message:

notes/NK_ IN YOUR FILES..txt
fileBA_ IN YOUR FILES..txt

Ransom message:

notes/BA_ IN YOUR FILES..txt
fileVO_ IN DOCUMENTS..txt

Elastio Can Help You

Don't let SQ_ ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This SQ_ ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like SQ_.

Last updated: July 30, 2025