Quickbooks accounting software was launched in 1998 by Intuit, and since then it has taken over the accounting market, in 2008 the software was being used in 94.2% of retail units in the business accounting category in the United States.
Quickbooks has expanded its functionality and scope to become an internationally used software. It is compatible with Windows and MacOS operating systems, and provides automatic backup and storage in the cloud. The files it generates are given the extension .QBW and .QBB.
Given all this success, Quickbooks has become a target for cybercriminals, with phishing campaigns aimed exclusively at the software’s users, mainly from ransomware groups, which aim to encrypt all data stored by the software, whether in the cloud or on storage devices.
Criminals have been forging emails impersonating Intuit, informing customers that their plans have expired and prompting them to update their registration via a link or document attached to the email, which contains ransomware that will install once opened. This has been the primary means of attack, but it is not the only one.
After the invasion, the ransomware disables all system defences and any program that can activate countermeasures to cripple the encryption.
In addition, the groups have developed their ransomware to specifically look for backups, to take away any option for the victim other than paying the ransom amount requested by the group for the release of the decryption key.
These amounts can easily reach millions of dollars, which must be paid in cryptocurrency, they are used because they are virtually impossible to trace. The good news is that even if all the files have been encrypted, including the backup, there is still an alternative to paying the ransom, the recovery of encrypted data done by specialised companies.
Recovery of Quickbooks File Encrypted by Ransomware
Digital Recovery specialises in the recovery of files encrypted by ransomware, whether on physical devices or virtualised environments. With over 20 years of experience we have developed unique solutions for data recovery.
All our processes have been developed under the General Data Protection Regulation (GDPR) and we make available to all our clients a non-disclosure agreement (NDA).
We can recover from any place in the world via remote recovery. In cases where recovery is an emergency, our labs operate with 24x7x365 availability.
During the whole process the customer is followed by one of our specialists. We are able to start the recovery process right now, please contact us.