Pohj is ransomware that belongs to the Djvu family (one of the most widespread ransomware families). We discovered this ransomware while examining malware samples submitted to VirusTotal. It appends the ".pohj" extension to filenames, and drops the "_readme.txt" file containing a ransom note.

An example of how Pohj renames the encrypted files: it changes "1.jpg" to "1.jpg.pohj", "2.png" to "2.png.pohj", "3.exe" to "3.exe.pohj", and so forth.

The ransom note says that the only way to recover files is to decrypt them with a decryption tool and a unique key that cost $980. Decryption tools can be purchased for $490 on one condition - the attackers must be contacted within 72 hours. The ransom note provides two email addresses for contacting threat actors and also mentions that victims can have one file decrypted for free. It can be sent to the attackers via email before purchasing decryption tools. That file cannot contain valuable information.

More about ransomware

Cybercriminals have been spotted using information stealers to obtain sensitive information before encrypting files with Djvu ransomware.
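For incident triage, the rename pattern and ransom note filename described above can be used to measure how far encryption reached on a volume. The following is an added example, not code from the original article; the function names are hypothetical and the sample directory tree is constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

EXT = ".pohj"         # appended extension, as described on this page
NOTE = "_readme.txt"  # ransom note filename, as described on this page


def triage(root):
    """Map each affected directory to its note flag and (current, original) names."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        renamed = [
            (name, name[: -len(EXT)])  # "1.jpg.pohj" -> "1.jpg"
            for name in sorted(files)
            if name.lower().endswith(EXT) and len(name) > len(EXT)
        ]
        note = any(name.lower() == NOTE for name in files)
        if renamed or note:
            report[os.path.relpath(dirpath, root)] = {"note": note, "renamed": renamed}
    return report


def summarize(report):
    """Return (dirs with note AND renamed files, dirs with only one signal, file count)."""
    confirmed = sorted(d for d, r in report.items() if r["note"] and r["renamed"])
    partial = sorted(d for d in report if d not in confirmed)
    total = sum(len(r["renamed"]) for r in report.values())
    return confirmed, partial, total


def build_sample(root):
    """Create a constructed sample tree (empty files) for the demo."""
    layout = {
        "docs": ["1.jpg.pohj", "2.png.pohj", "_readme.txt"],
        "tools": ["3.exe.pohj"],  # renamed file, note missing
        "clean": ["report.docx", "notes.txt"],
    }
    for sub, names in layout.items():
        (Path(root) / sub).mkdir(parents=True)
        for name in names:
            (Path(root) / sub / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        confirmed, partial, total = summarize(triage(tmp))
        print("note + renamed files:", confirmed)
        print("single signal only:  ", partial)
        print("renamed files total: ", total)
```

Directories that show only one of the two signals are worth a manual look, since a file named "_readme.txt" on its own can be benign.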