Ransomware Pozq

The Pozq ransomware was recently discovered after a sample submission on VirusTotal. After some analysis, evidence was highlighted that Pozq may have a relationship with the Djvu group.

We know that, similar to Djvu, the Pozq ransomware operates using password and banking information theft malware such as Vidar and RedLine, proving that Pozq is a variant of the Djavu ransomware.

Pozq ransomware appears to be targeting Windows operating systems and in most cases the invasion is very simple.

Sending e-mails containing malicious links or attachments, downloading from untrusted sources or even using Trojans. These are the most commonly used ways to break into the victim’s environment.

The Pozq ransomware is then executed and encrypts the data present in the environment by adding the extension “.pozq” to the original file name.

At the end of the encryption process, a text file ” _readme.txt “ is created. This then issues a ransom note informing the victim of the current status of his or her data.

According to the ransom note, all infected files (with the extension .pozq) cannot be opened without the attackers own decryption software. To obtain this tool a ransom of $980 must be paid in bitcoin to the cybercriminals.

This amount is subject to reduction if the victim contacts the attackers within 72 hours of the attack.

To be sure, this situation is oppressive and extremely uncomfortable for the victim. Furthermore, many of the victims may be small businesses, which can consequently impact the organization’s activities.

Today, contacting cybercriminals is no longer the only option for recovering your encrypted data.

Recover files encrypted by Pozq ransomware

In the data recovery industry, Digital Recovery has a wealth of experience. We have had the privilege of helping hundreds of ransomware victimized companies in our 23 years of business.

We have improved and created solutions for recovering encrypted files from databases, virtual machines, servers, RAID systems, and other types of storage.

We understand how sensitive this situation can be, which is why we operate under a confidentiality agreement (NDA) to ensure that our customers’ data is completely secure.

After a ransomware attack, Digital Recovery is the best option.

Our team of experts is available 24/7 to provide the best possible service.

So contact us to recover your data now.


We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.