Pozq ransomware

Pozq ransomware was recently discovered after a sample was submitted to VirusTotal. Analysis turned up evidence that Pozq may be related to the Djvu group.

We know that, like Djvu, Pozq ransomware operates alongside password and banking information theft malware such as Vidar and RedLine, proving that Pozq is a variant of Djvu ransomware.

Pozq ransomware appears to be targeting Windows operating systems, and in most cases the initial intrusion is very simple.

The most commonly used ways to break into the victim’s environment are emails containing malicious links or attachments, downloads from untrusted sources, and Trojans.

Pozq ransomware then runs and encrypts the data present in the environment by adding the extension “.pozq” to the original file name.

At the end of the encryption process, a text file named “_readme.txt” is created. This file is the ransom note, informing the victim of the current status of their data.

According to the ransom note, all infected files (with the extension .pozq) cannot be opened without the attackers’ own decryption software. To obtain this tool, a ransom of US $980 must be paid in bitcoin to the cybercriminals.

This amount is subject to reduction if the victim contacts the attackers within 72 hours of the attack.
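The two on-disk indicators described above (the “.pozq” extension and the “_readme.txt” note) are enough to scope the damage before choosing what to restore. The following is an added example, not code from Digital Recovery or from the original article: it walks a directory tree read-only and summarises which folders were hit. The function names and the sample tree are constructed for illustration, and treating the earliest file modification time as the start of encryption is an assumption.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".pozq"     # extension appended to encrypted files (from the article)
NOTE_NAME = "_readme.txt"   # ransom note file name (from the article)

def scope_pozq_impact(root):
    """Walk root read-only and summarise where encrypted files and notes are."""
    per_dir = Counter()     # directory -> number of .pozq files
    notes = []              # paths of ransom notes
    originals = []          # original paths recovered by stripping ".pozq"
    first_seen = None       # earliest mtime among encrypted files
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                originals.append(path[: -len(ENCRYPTED_EXT)])
                mtime = os.path.getmtime(path)
                first_seen = mtime if first_seen is None else min(first_seen, mtime)
    return {
        "encrypted_count": sum(per_dir.values()),
        "per_directory": dict(per_dir),
        "ransom_notes": sorted(notes),
        "original_names": sorted(originals),
        # Assumption: the earliest .pozq mtime approximates when encryption began.
        "earliest_encrypted_utc": None if first_seen is None
        else datetime.fromtimestamp(first_seen, tz=timezone.utc),
    }

def build_constructed_sample(root):
    """Create a small constructed tree of empty placeholder files (no real data)."""
    layout = ["docs/report.docx.pozq", "docs/budget.xlsx.pozq", "docs/_readme.txt",
              "photos/trip.jpg.pozq", "photos/_readme.txt", "tools/notes.txt"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        summary = scope_pozq_impact(tmp)
        print(summary["encrypted_count"], "encrypted;", summary["per_directory"])
```

The earliest timestamp gives a lower bound for picking a backup taken before the attack, and the list of original names can be compared against a backup catalogue.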

To be sure, this situation is oppressive and extremely uncomfortable for the victim. Moreover, many of the victims may be small businesses, which can consequently impact the organisation’s activities.

Today, contacting cybercriminals is no longer the only option for recovering your encrypted data.

Recover files encrypted by Pozq ransomware

In the data recovery industry, Digital Recovery has a wealth of experience. We have had the privilege of helping hundreds of companies victimized by ransomware in our 23 years of business.

We have improved and created solutions to recover encrypted files from databases, virtual machines, servers, RAID systems and other storage.

We understand how sensitive this situation can be, which is why we act with a confidentiality agreement (NDA) to ensure our clients’ data is completely secure.

All our solutions are based on the General Data Protection Regulation (GDPR) and can be used fully remotely.

After a ransomware attack, Digital Recovery is the best option.

Our team of experts is available 24/7 to provide the best possible service.

So contact us to recover your data now.
