Quakeway Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 364
Category: Trojans

Quakeway Ransomware is a malicious program that claims that it is not a ransomware and does not ask for money to provide you with the decryption key after it encrypts your files. As a matter of fact, we have found that this infection may not even encrypt your files anymore. This could be an unfinished ransomware program, a test run, the server could be down, or it might as well be a joke. It is very difficult to decide which one it is since its ransom note does contain some threats regarding not deleting its note or other files unless you want to lose all your personal files. Whether your version encrypts your files or not, we believe that such an attack does teach us all a very important lesson about proper file backup policy. We suggest that you start making regular backups to a removable drive or cloud storage if you do not have one yet. This is the only way for you to recover your files after a devastating ransomware attack unless a free file recovery tool developed by malware hunters hits the web soon. In any case, we recommend that you remove Quakeway Ransomware immediately from your system.

Our research revealed that this ransomware threat could be spread via three main channels. It is most likely to strike you via spam e-mails. This spam can contain an attached file that may pose as a photo or a document but it is indeed the malicious executable that will initiate this attack once you open it. Sometimes it is also possible that you find a link in the body of such a spam that claims to point to a file you need to urgently check. This spam usually regards a matter that would seem to be important for you not to miss or ignore. This can be anything like an unpaid invoice, an issue with a booking (e.g., flight, hotel room, etc.), problem with an online shopping (e.g., credit card details are incorrect), and so on. If you found such a mail in your spam folder, you would most likely think that it ended up there only by mistake and that this may be an important e-mail for you to check right away. This is why you need to be much more careful with your mails because you cannot trust your spam filter fully in the first place. Although this time you can delete Quakeway Ransomware without any possible consequence, in the case of a working ransomware program, you could lose all your important files.

The second likely way for you to let this malware infection on board is by ending up on a malicious page that is created by using Exploit Kits. Such kits take advantage of older browser and driver (Java and Flash) versions and that is how they can drop this infection among others. You can get redirected to such pages if you click on suspicious third-party ads that you can encounter on shady websites (e.g., torrent, freeware, gaming, and gambling pages), corrupt links on modified search results pages. Apart from your avoiding such pages and clicking on questionable third-party ads and links, we also highly recommend that you keep all your programs and drivers updated at all times in order to prevent such malicious attacks from happening. Remember that normally you could not delete Quakeway Ransomware without great loss if it was working properly.

Yet another way to get infected with this ransomware is to click on fake download messages that usually pop-up on your screen when you are infected with adware or when you are viewing a suspicious website. Such a third-party ad may claim that you need an urgent plugin, a software update, or to download a security tool. Unsuspecting users may fall for this trick and click to install. However, instead of the promised update or software, you would simply drop this ransomware infection. Of course, if your computer is protected by a reliable up-to-date anti-malware program, such an attack could never reach your system without being blocked. But, if you do not have proper protection on your PC, you need to remove Quakeway Ransomware as soon as possible.

This ransomware program is supposed to encrypt your most important files and add an “.org” extension to all affected files. However, we have found that at the time of our research, this infection did not do any encryption at all. In fact, this attack looks more like a joke or the work or real rookies. In the ransom note (“__iWasHere.txt”) your attackers claim that “this is not a Ransomware” program and they simply want you to “upgrade your security.” You are asked to send an e-mail to “quakeway@mail.ru” so that they can reply and send you the decryption key within 7 days. You need to send your unique ID that you can find in this note as the mail subject. Based on the broken English used in this message and the given e-mail address, we can only assume that the authors are from Russia. We do not advise you to contact these criminals because they might send you malicious security tools or other infections that could do proper damage on your system. There is only one thing we recommend that you do: Remove Quakeway Ransomware right away.

Since this malicious program does not lock your screen and does not block your main system processes either, you can easily delete it by removing the related files. Please use our guide below if you want to take care of this threat manually. Please understand that it is very easy to infect your system with dangerous malware programs like this one could be. Therefore, we suggest that you tighten your security by installing a reliable anti-malware program, such as SpyHunter.

How to remove Quakeway Ransomware from Windows

  1. Press Win+E to open File Explorer.
  2. Locate the malicious executable file you have downloaded recently.
  3. Delete this file.
  4. Find the ransom note text file (“__iWasHere.txt”) and bin it. (You may find it on your desktop.)
  5. Empty your Recycle Bin.
  6. Restart your PC.
Download Remover for Quakeway Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.


Your email address will not be published.


Enter the numbers in the box to the right *