
Popotic Ransomware

Posted: June 27, 2019

The Popotic Ransomware is a file-locker Trojan that can block access to many types of files on your computer through encryption. Data-encrypting attacks can be irreversible, and malware experts recommend keeping backups in secure locations as an all-inclusive and free recovery solution. Otherwise, use anti-malware services to delete the Popotic Ransomware on sight, and monitor infection vectors and server weaknesses, such as open RDP.

A New Actor Popping into the File-Ransoming Business

A threat actor has gone to the trouble of writing a unique ransom note for his Trojan's campaign, instead of settling for a crude copy-paste or recycled resources. The Popotic Ransomware's symptoms aren't very different from those of larger, more numerous families like Hidden Tear, and, just like them, it uses encryption for extortion. However, its demands are custom to its payload and also give some hints about its standard operating procedure.

The Popotic Ransomware is targeting business-sector victims, such as unsecured servers found through port-scanning utilities, servers using unsafe RDP settings, or servers accessible through a brute-forcible login combination. It uses encryption with a still-unknown algorithm to lock the server's files and leaves behind a text message as its ransom note. This behavior isn't unusual for a threat of its type, and malware experts warn against mistaking the Popotic Ransomware for a more commonplace Trojan, like Hidden Tear, the Scarab Ransomware, the Globe Ransomware, or the Dharma Ransomware, all of which are operating in the wild as of this article's authorship date.

The Popotic Ransomware stands apart from its many competitors by the 'popotic' extension it adds to the names of everything it locks, but also by its unique ransoming demands. The Popotic Ransomware asks for 900 Euros in Bitcoin and provides a link to the threat actor's wallet. Malware experts do see some activity in this account, but none that corresponds to the Trojan's ransom amount.

Popping the Trojan Extortion Bubble

The Popotic Ransomware isn't the only file-locker Trojan that's homing in on corporate and small business targets; its campaign comes at the same time as that of the Pzdc Ransomware, which asks for similarly large amounts of money in exchange for a decryptor. Both campaigns are, thankfully, defensible in advance by adhering to common-sense security precautions, such as turning off RDP when you don't need it, using strong credentials for account security, and looking closely at e-mail attachments and links before opening them.
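The RDP brute-forcing described above, both as this Trojan's likely entry point and as the thing the precautions guard against, is easy to spot in logon audit data. The following is an added example, not code from the original article: it flags source addresses that rack up repeated failed RDP logons inside a short window, and separately calls out the urgent case where a flagged source later logs on successfully. The log lines are constructed and simplified; a real collector would parse the same fields (Event ID 4625 for a failed logon, 4624 for a success, logon type 10 for RemoteInteractive/RDP) out of the Windows Security event log. The threshold and window are assumptions to tune per environment.

```python
"""Flag sources with repeated failed RDP logons (constructed, simplified log)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: "timestamp event_id logon_type source_ip user".
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
SAMPLE_LOG = """\
2019-06-27T08:00:01 4625 10 203.0.113.7 administrator
2019-06-27T08:00:03 4625 10 203.0.113.7 admin
2019-06-27T08:00:04 4625 10 203.0.113.7 root
2019-06-27T08:00:06 4625 10 203.0.113.7 Administrator
2019-06-27T08:00:09 4625 10 203.0.113.7 backup
2019-06-27T08:00:11 4624 10 203.0.113.7 backup
2019-06-27T08:05:00 4625 10 198.51.100.2 jsmith
2019-06-27T08:30:00 4625 10 198.51.100.2 jsmith
2019-06-27T09:00:00 4625 2 192.0.2.10 jsmith
"""


def parse_line(line):
    ts, event_id, logon_type, src, user = line.split()
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), src, user


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return (alerts, compromised): alerts maps a source IP to the time it first
    reached `threshold` failed RDP logons within a sliding `window`; compromised
    is the set of flagged sources that subsequently logged on successfully."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    alerts = {}
    compromised = set()
    for raw in log_text.splitlines():
        ts, event_id, logon_type, src, _user = parse_line(raw)
        if logon_type != 10:
            continue                      # only RDP (RemoteInteractive) logons
        if event_id == 4624:
            if src in alerts:             # success after a brute-force alert
                compromised.add(src)
            continue
        if event_id != 4625:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts, compromised
```

Slow attempts spread far apart (the second source above) stay below the threshold, so pair this with a longer-window count if your environment sees low-and-slow guessing.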

A backup may or may not be the only means of data recovery after a Popotic Ransomware attack. Since even a modestly skilled programmer can implement encryption securely enough to resist highly-experienced anti-malware specialists, malware experts always suggest keeping a backup in another location. Traditional anti-virus and anti-malware products can limit the damage by removing the Popotic Ransomware automatically, however.

The Popotic Ransomware is popping onto a much-contested scene with heady expectations of the money it can make. Whether that hope is genuine or a bluff is up to the businesses it attacks.
