
Pojie Ransomware

Posted: July 10, 2020

The Pojie Ransomware is a Chinese file-locking Trojan that blocks your media and holds it for ransom. Besides including references to a reverse-engineering software site, it also may disguise its executable as a picture or as a Windows system process (the Client Server Runtime Process), and it targets Chinese speakers. Users should keep to the standard solutions of a secured backup for retrieving their files and anti-malware services for uninstalling the Pojie Ransomware.

Toxic Software Seeping Out of a Crack

The self-declared 'I Love Cracks' Web forum at 52pojie.cn is the latest theme for a China-specific Trojan, although there's no evident affiliation between the site's administrators and this threat. The website in question is a reverse-engineering site for black hat software and could be the source of the Pojie Ransomware's code, or merely a joking reference. In either event, malware researchers confirm all of the usual features in this Trojan, most importantly the data-locking ones.

The Pojie Ransomware blocks digital media content by encrypting it with a still-to-be-determined set of algorithms. Malware experts confirm that targeted formats such as PowerPoint presentations, Word DOCs, JPG pictures, and even INIs are taken hostage during Pojie Ransomware infections. Due to a possible glitch in its payload, the Trojan also appends its extension ('52pojie') to their names multiple times.

The Pojie Ransomware's intended audience is evident: it creates a Chinese-language text ransom note that asks victims to negotiate over a free e-mail address. Since malware specialists have yet to confirm any Shadow Volume Copy deletion, Restore Points might be a viable data recovery solution for victims – and are preferable to paying an unknown ransom.

Engineering Foolproof Protection from Asian Trojans

The Pojie Ransomware's current disguises include faking a JPG for its installer and pretending to be the Windows Client Server Runtime Process. Since these themes do little to narrow down its infection vector, malware experts can only recommend generalized precautions. Users should avoid illicit downloads – whether they're from Web forums or torrents – and disable threatening features like JavaScript, Flash, and macros as a matter of habit. Chinese users are particularly at risk from this threat, but its payload can also impact users with other language settings and non-Chinese IP addresses.
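The two observable traits described above, the repeatedly appended '52pojie' extension and the JPG / csrss.exe disguises, are cheap to check for on a host. The following script is an added example written for this page, not code from the original article or from any vendor; the sample filenames, the fake file headers and the process paths are constructed for illustration, and the check for the genuine csrss.exe location assumes a default Windows install path (`C:\Windows\System32\csrss.exe`):

```python
import re
from pathlib import PureWindowsPath

# Extension the article reports Pojie appending, sometimes more than once.
POJIE_EXT = "52pojie"
_POJIE_SUFFIX = re.compile(r"(?:\.52pojie)+$", re.IGNORECASE)

# Assumed legitimate location of the Client Server Runtime Process on a
# default Windows install; anything named csrss.exe elsewhere is suspect.
LEGIT_CSRSS_PATHS = {r"c:\windows\system32\csrss.exe"}

# File magic: Windows executables start with "MZ", JPEGs with FF D8 FF.
PE_MAGIC = b"MZ"
JPEG_MAGIC = b"\xff\xd8\xff"

# Constructed directory listing for demonstration, not real indicators.
SAMPLE_LISTING = [
    "slides.pptx.52pojie",
    "report.docx.52pojie.52pojie",
    "settings.ini.52pojie.52pojie.52pojie",
    "holiday.jpg",
    "notes.txt",
]


def strip_pojie_suffix(filename: str):
    """Return (original_name, count): count is how many '.52pojie'
    suffixes were stacked onto the name; 0 means the file is unaffected."""
    m = _POJIE_SUFFIX.search(filename)
    if not m:
        return filename, 0
    count = m.group(0).lower().count("." + POJIE_EXT)
    return filename[: m.start()], count


def find_encrypted_files(names):
    """Reduce a listing to the names carrying the Pojie marker, recording
    the pre-encryption name and how many times the extension was appended."""
    hits = []
    for name in names:
        original, count = strip_pojie_suffix(name)
        if count:
            hits.append({"name": name, "original": original, "suffixes": count})
    return hits


def masquerading_jpg(filename: str, header: bytes) -> bool:
    """True when a file named like a picture actually begins with a PE header,
    i.e. an executable dressed up as a JPG."""
    is_picture_name = filename.lower().endswith((".jpg", ".jpeg"))
    return is_picture_name and header.startswith(PE_MAGIC)


def suspicious_csrss(image_path: str) -> bool:
    """True when a process calls itself csrss.exe but does not run from the
    system directory; PureWindowsPath normalises separators for the compare."""
    path = PureWindowsPath(image_path)
    if path.name.lower() != "csrss.exe":
        return False
    return str(path).lower() not in LEGIT_CSRSS_PATHS


if __name__ == "__main__":
    for hit in find_encrypted_files(SAMPLE_LISTING):
        print(f"{hit['name']}: originally {hit['original']}, "
              f"extension appended {hit['suffixes']}x")
    # Constructed headers: a PE stub pretending to be a picture, and a real JPEG.
    print(masquerading_jpg("invoice.jpg", b"MZ\x90\x00"))          # True
    print(masquerading_jpg("photo.jpg", b"\xff\xd8\xff\xe0"))       # False
    print(suspicious_csrss(r"C:\Windows\System32\csrss.exe"))      # False
    print(suspicious_csrss(r"C:\Users\Public\Downloads\csrss.exe")) # True
```

`strip_pojie_suffix` also gives incident responders the pre-encryption filename, which is what they need to match encrypted files against a backup catalogue when restoring.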

The Pojie Ransomware also is too new to determine whether its encryption is secure or not. Although encryption can keep files from opening permanently, it also is a technically simple feature that even an inexperienced threat actor can implement. Users shouldn't rest their hopes on a decryptor becoming available and, instead, should create backups that Trojans can't attack.

The Pojie Ransomware looks like a tongue-in-cheek reference to the sharing of black hat software knowledge across the Web, but the relationship could be more meaningful than that. In any event, it's another Trojan that's best stopped before it gets started – by backing up your files.
