
Powd Ransomware

The Powd Ransomware is another threatening addition to the STOP/Djvu malware family. Cybercriminals continue to create more variants belonging to this malware strain. When it comes to Powd specifically, the threat operates in the typical STOP/Djvu pattern. It targets a wide range of file types - documents, PDFs, photos, databases, archives and more. All of the affected files will be encrypted with a strong cryptographic algorithm and will have '.powd' appended to their original names.

The attackers are financially motivated and will try to extort money from the impacted individual users or corporate entities. The ransom note, with instructions on how to pay the demanded ransom, is delivered to the breached devices inside a text file named '_readme.txt'. In addition, users should be warned that the operators behind STOP/Djvu threats have been observed delivering additional malware tools to the infected systems. More specifically, the threat actors are deploying info-stealer threats, such as the Vidar Stealer or the RedLine Stealer.

According to Powd's ransom-demanding message, victims are expected to pay $980 to receive assistance from the hackers. However, those who establish contact with the threat actors during the first 72 hours of the ransomware infection will only have to pay half of the amount. Victims can apparently also send 1 encrypted file as part of their message to have it decrypted for free. The two email addresses provided as communication channels in the ransom note are 'support@fishmail.top' and 'datarestorehelp@airmail.cc'.

The full ransom note is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-2gP6wwZcZ9
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@fishmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:'
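
A triage check for the indicators described above, added here as an example and not taken from the original article: it walks a directory tree, lists files carrying the '.powd' extension together with their original names, and treats a '_readme.txt' as the ransom note only if it contains one of the two contact addresses. The function names and the sample tree are constructed for illustration, and matching the extension case-insensitively is an assumption.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the article above.
ENCRYPTED_SUFFIX = ".powd"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@fishmail.top", "datarestorehelp@airmail.cc")

def note_matches(path, limit=65536):
    """True if the file contains a contact address from the ransom note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(limit).lower()
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Per directory: original names of renamed files, and whether a note was confirmed."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                # The extension is appended, so the original name is the prefix.
                report[dirpath]["encrypted"].append(name[: -len(ENCRYPTED_SUFFIX)])
            elif name.lower() == NOTE_NAME and note_matches(os.path.join(dirpath, name)):
                report[dirpath]["note"] = True
    return dict(report)

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files and a shortened note."""
    docs, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    os.makedirs(docs)
    os.makedirs(clean)
    for name in ("report.docx.powd", "photo.JPG.POWD", "notes.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("To get this software you need write on our e-mail:\nsupport@fishmail.top\n")
    # An unrelated _readme.txt must not be reported as a ransom note.
    with open(os.path.join(clean, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Project readme\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, hit in sorted(triage(tmp).items()):
            print(directory, sorted(hit["encrypted"]), "note" if hit["note"] else "no note")
```

Directories that report renamed files but no confirmed note are still worth reviewing, since the note may have been removed or altered after the fact.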
