QuickBooks File Encrypted by Ransomware

Quickbooks accounting software was launched in 1998 by Intuit, and since then it has taken over the accounting market, in 2008 the software was being used in 94.2% of retail units in the business accounting category in the United States. 

Quickbooks has expanded its functionality and scope to become an internationally used software. It is compatible with Windows and MacOS operating systems, and provides automatic backup and storage in the cloud. The files it generates are given the extension .QBW and .QBB. 

Given all this success, Quickbooks has become a target for cybercriminals, with phishing campaigns aimed exclusively at the software’s users, mainly from ransomware groups that aim to encrypt all data stored by the software, whether in the cloud or on storage devices.

Criminals have been forging emails impersonating Intuit, informing customers that their plans have expired and asking them to update their registration via a link or document attached to the email, which contains ransomware that will be installed once opened. This has been the primary means of attack, but it is not the only one. 

After the invasion, the ransomware disables all system defenses and any program that can activate countermeasures to cripple the encryption. 

In addition, the groups have developed their ransomware to specifically look for backups, to take away any option for the victim other than paying the ransom amount requested by the group for the release of the decryption key.

These amounts can easily reach millions of dollars, which must be paid in cryptocurrency, they are used because they are almost impossible to trace. The good news is that even if all the files have been encrypted, including the backup, there is still an alternative to paying the ransom, namely encrypted data recovery by specialized companies.

Recovery of Quickbooks File Encrypted by Ransomware

Digital Recovery specializes in the recovery of files encrypted by ransomware, whether on physical devices or virtualized environments. With more than 20 years of experience we have developed unique solutions for data recovery.

We can sign a non-disclosure agreement (NDA) with our clients. 

We can also recover from any place in the world via remote recovery. In cases where recovery is an emergency, our labs operate with 24x7x365 availability.

During the entire process, the customer is followed by one of our specialists. We are able to start the recovery process right now, contact us.

Digital Recovery helps companies recover data

Check out other posts

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.