RANSOMEWARE HIT MANY PEOPLE IN NIGERIA, Detected in ENDNOTE - encrypt file as .peet
By Abdullahi Loke
An attack has been launched against Nigerians recently, that got their file encrypted in a weird manner, which claimed to have hijacked files and can only be gotten by paying a certain amount of money (ranging from $490 to $980).
This ransomware was detected by users in Nigeria in a cracked version of EndNote.
STOP/DJVU Ransomeware encrypts the personal documents, and any file with extensions (.doc, .exe, .mp3, .jpg, etc) found on the victim’s computer with .peet extension and displays a message which offers to decrypt the data if payment in Bitcoin is made. The instructions are placed on the victim’s computer mostly on desktop or xammp folder in the _readme.txt file.
Below are the pictures of victims’ screens after STOP/DJVU attack.
What is EndNote?
EndNote is a commercial reference management software package, used to manage bibliographies and references when writing essays and articles. It is produced by Clarivate Analytics (previously by Thomson Reuters). – Wikipedia
However, EndNote is mostly used by authors and researchers for referencing their project work when writing and upon completion. It helps to easily fetch a reference to their scholarly works. Before you make use of EndNote, you need to install it on your computer and it runs on word documents
How do STOP/DJVU Ransomeware works?
STOP/DJVY targets all versions of Windows including Windows 7, Windows 8.1 and Windows 10. When this ransomware is first installed on a computer it will create a random named “executable” in the %AppData% or %LocalAppData% folder.
When this ransomware infects your computer it will scan all the drive letters for targeted file types, encrypt them, and then append the “.peet” extension to them. Once these files are encrypted, they will no longer be able to open by your normal programs. When this ransomware has finished encrypting the victim’s files, it will also display a ransom note that includes instructions on how to contact these cybercriminals
([email protected] or [email protected]).
This is the message that the Peet ransomware (_readme.txt) will display:
How to remove Remove PEET Ransomware
There are many articles online on how to remove STOP/DJVU (.peet) ransomeware.
Here are our recommendations:
- https://geeksadvice.com/remove-peet-ransomware-virus/
- https://www.youtube.com/watch?v=zB0yyiuZu0M
- https://www.precisesecurity.com/virus/remove-peet-ransomware-peet-files-virus/
Have a nice day
Nice, Thank you for this information.
We are glad you find it helpful.
The increase in Malware attacks is getting very high. People need more of this kind of articles in other to stay safe
Great job sir
That’s right. We will continue to do more research to get these kinds of information out. Thank you.