This particular piece of malware is known as POGO Tear and it’s based on open source ransomware code called Hidden Tear. POGO Tear encrypts the files on victims’ computers, changes the extension to “.locked” and then demands a ransom on a screen emblazoned with famed character Pikachu’s picture.
POGO Tear is currently coded to display its ransom message in Arabic only as shown below. The text informs users that their data has been encrypted and instructs them to contact firstname.lastname@example.org to decrypt their files. It also thanks them for their generosity.
What’s interesting about this malware is that it incorporates several features not usually found in other ransomware viruses. POGO Tear creates an administrative user account called Hack3r on the victim’s machine and then hides it from the logon screen so the user can’t tell it’s there.
It also creates a network share on the victim’s computer and copies itself to all available network drives. The ransomware automatically executes when Windows starts.
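The behaviours described above leave traces a defender can check for on a suspect Windows host. The following PowerShell triage script is an added example, not code from the original article or from the malware. It assumes the account is hidden through the standard Winlogon `SpecialAccounts\UserList` registry mechanism and lists every autostart entry for review, since the article names neither the hiding method nor the autostart location.

```powershell
# Added host-triage example; run from an elevated PowerShell 5.1+ prompt.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Check, $Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# 1. The local account name reported in the article.
$acct = Get-LocalUser -Name 'Hack3r' -ErrorAction SilentlyContinue
if ($acct) { Add-Finding 'Account' "Hack3r exists (Enabled=$($acct.Enabled))" }

# 2. Every member of the built-in Administrators group, looked up by its
#    well-known SID so the check also works on non-English Windows.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
foreach ($m in $admins) { Add-Finding 'Administrator' $m.Name }

# 3. Accounts hidden from the logon screen.
#    ASSUMPTION: the standard Windows mechanism is used (a DWORD value of 0
#    named after the account under SpecialAccounts\UserList).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
if (Test-Path $key) {
    $reg = Get-Item -Path $key
    foreach ($name in $reg.Property) {
        if ($reg.GetValue($name) -eq 0) { Add-Finding 'HiddenFromLogon' $name }
    }
}

# 4. Non-default SMB shares (administrative shares such as C$ are skipped).
Get-SmbShare -ErrorAction SilentlyContinue | Where-Object { -not $_.Special } |
    ForEach-Object { Add-Finding 'Share' "$($_.Name) -> $($_.Path)" }

# 5. Programs launched at startup (Run keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    ForEach-Object { Add-Finding 'Autostart' "$($_.Name): $($_.Command) [$($_.Location)]" }

# 6. A small sample of files carrying the ".locked" extension.
Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Filter '*.locked' -ErrorAction SilentlyContinue |
    Select-Object -First 5 | ForEach-Object { Add-Finding 'LockedFile' $_.FullName }

$findings | Format-Table -AutoSize -Wrap
```

Administrator, share and autostart rows are listed for manual review; only the `Account`, `HiddenFromLogon` and `LockedFile` rows correspond directly to indicators named in the article.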
If your computers have been infected with ransomware or any other virus, call IES today at 781-816-9437. The longer you wait, the worse the situation will be!