The cybercriminals operating a family of malware known as Djvu/STOP continue to release new versions on a regular basis. One of the most recent ones is Pouu ransomware. This ransomware is recognizable by the .pouu extension it adds to files it encrypts. The ransomware primarily targets regular users on a large scale and encrypts all of their personal files. Because encrypted files are often permanently lost, ransomware is considered to be a particularly dangerous threat.
Ransomware infections mainly target personal files, including photos, documents, and videos. These are the files that are most precious to users and losing them would greatly inconvenience them. Thus, they would be more likely to pay for their recovery.
Ransomware operators make money by extorting victims. They try to sell tools to decrypt encrypted files for large amounts of money but since they’re not legitimate businesses, they do not have to keep their end of the deal. This often results in users paying the requested ransoms but not receiving the decryptors. Only users who have backups can recover their files.
Pouu ransomware drops a ransom note named _readme.txt in folders that have encrypted files, and it explains how victims can get the decryptor. According to the note, the decryptor can be obtained by paying $980 in ransom. There’s also supposedly a 50% discount for those who contact the malware operators within the first 72 hours. But whether the discount is actually real is not certain. The note also mentions that victims can recover 1 file for free as long as it does not have any personal or sensitive information.
For those who wish to contact the malware operators to buy the decryptor, the contact email addresses are [email protected] and [email protected]. However, victims who are thinking about paying the ransom should be aware that it’s risky. It’s important to keep in mind that cybercriminals are not obligated to help victims and they often do not. There’s not a whole lot victims can do to force them to send the decryptor. In the end, it’s the users’ decision to pay the ransom or not but they need to be aware of the risks involved.
Developing a free decryptor for ransomware from this particular malware family is quite difficult. When Pouu ransomware encrypts users’ files, it uses online encryption keys. This essentially means that the keys are unique to each user. To develop a universal decryptor that would work for all affected users, the keys would need to be released by the malware operators. While it’s not impossible that this could happen, it’s not very likely. So the chances of a free Pouu ransomware decryptor are quite slim. Nonetheless, encrypted files should be backed up in case it does get released.
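Backing up the encrypted files starts with knowing where they are. The following Python script is an added example, not part of the original article: it walks a directory tree and inventories files carrying the .pouu extension and _readme.txt notes described above, with the size totals needed to plan a backup. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".pouu"      # extension the article says is appended
RANSOM_NOTE = "_readme.txt"  # ransom note name given in the article


def inventory(root):
    """Map each affected folder to its encrypted files and ransom-note flag."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report[folder]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                try:
                    size = os.path.getsize(os.path.join(folder, name))
                except OSError:
                    continue  # file vanished or is unreadable; keep scanning
                # Name before the appended extension, for matching to backups.
                original = name[: -len(ENCRYPTED_EXT)]
                report[folder]["encrypted"].append((name, original, size))
    return dict(report)


def summarize(report):
    """Totals for sizing a backup of the encrypted files."""
    sizes = [s for v in report.values() for _, _, s in v["encrypted"]]
    # Folders with a note but no .pouu files are worth a manual look.
    note_only = sorted(f for f, v in report.items()
                       if v["note"] and not v["encrypted"])
    return {"files": len(sizes), "bytes": sum(sizes), "note_only": note_only}


def build_sample_tree(root):
    """Constructed sample data: dummy files only, no real malware artifacts."""
    layout = {"Docs/report.docx.pouu": b"x" * 10, "Docs/_readme.txt": b"note",
              "Pics/a.jpg.POUU": b"y" * 5, "Pics/clean.png": b"ok",
              "Empty/_readme.txt": b"note"}
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(inventory(tmp)))
```

The script only reads file names and sizes, so it can be run against a mounted copy of the affected disk without altering the encrypted files.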
The prevalence of ransomware infections only highlights the necessity for users to regularly back up their files. This is a habit that users are slow to develop but it’s a necessary one. There are many ways to back up files so users will certainly be able to find the method that best works for them.
Best ways to avoid malware infections
In addition to backing up files, learning how malware spreads is one of the best ways to fight malware. If users know where malware is usually lurking, they can avoid it without much trouble.
The most common ways regular users pick up malware:
- Email attachments
- Fake downloads
Because emails are a pretty easy malware distribution method, it’s one often used by malicious actors. The targets are generally users whose email addresses have been leaked. Those email addresses are sold on hacker forums and bought by cybercriminals for their malicious campaigns. The campaigns that target regular users are generally very easy to identify because they’re low-effort. Cybercriminals make many grammar/spelling mistakes that usually give them away immediately because senders pretend to be from legitimate companies. Malicious senders also often claim that the attached file is some kind of important document that needs to be reviewed as soon as possible. This is often an effective tactic. To avoid malware infections, users need to be very careful with unsolicited email attachments.
It’s also pretty common for users to pick up malware infections from torrents. It’s no secret that a lot of torrents (especially ones for popular entertainment content) contain malware. Torrenting copyrighted content is technically theft so it would not be recommended even if it wasn’t dangerous for the computer.
To avoid malicious infections, users also need to be very careful about what they download and where they do it from. Malware is often disguised as programs and promoted on questionable websites. Users who tend to download content from random sources often end up downloading infections.
Can Pouu ransomware-encrypted files be recovered?
Unfortunately, because there is no free Pouu ransomware decryptor, files cannot be recovered for free. Users who have backups of their files can start recovering them as soon as they remove Pouu ransomware from their computers. Users should use anti-virus programs like WiperSoft or SpyWarrior for this because it’s a fairly complex infection that requires a professional program to remove.