Popotic Ransomware

File-encryption Trojans continue to be the #1 trend among cybercriminals due to their fairly simple structure, and incredible efficiency. These hacking tools are meant to encrypt the contents of their victims' hard drive, and then offer them a deal – pay a specific amount of money in exchange for decryption software. Often, victims are left with no choice but to cooperate with the perpetrators, and they end up parting with hundreds of dollars to have a glimmer of hope that their data will be restored. This is the exact strategy that Popotic Ransomware's authors have adopted.

This file-locker is likely to be spread via bogus email messages that usually ask the victim to download a file – either an email attachment or hosted on an external server. The files preferred by ransomware authors are:

• ZIP archives with a corrupted executable inside.
• Macro-laced Microsoft Office documents.
• VBS files that execute a compromised script.
• Plain executable file posing as another program.

Regardless of the propagation option chosen by the Popotic Ransomware's authors, the result of their attack is always the same – a long list of locked documents, images, archives, videos, databases and other important files. The threat also will mark the names of the files it encrypts by adding the '.popotic' string to the end of their name – for example, the file 'document.pdf' would be called 'document.pdf.popotic' when the Popotic Ransomware is done with it.

Last but not least, the file-locker provides victims with a ransom note that contains details about the attack, as well as instructions on how to get the files back. Unfortunately, the offer made by the Popotic Ransomware's operators is not acceptable – they want to be paid €900 via Bitcoin. They also promise to decrypt one file free of charge as proof that their decryption service is real and working. The last bit of relevant information there is the email of the perpetrators – ss-eu@pm.me.

Cooperating with cybercriminals is never the solution, and we advise our readers to look into alternative & legitimate data recovery options. Unfortunately, decrypting files locked by the Popotic Ransomware is impossible for now, and only the threat's authors are able to do that. However, you can still make sure to eliminate the harmful application with the use of a trustworthy anti-virus product, therefore preventing it from further damaging your files.