RANSOMEWARE HIT MANY PEOPLE IN NIGERIA, Detected in ENDNOTE - encrypt file as .peet

By Abdullahi Loke

An attack has been launched against Nigerians recently, that got their file encrypted in a weird manner, which claimed to have hijacked files and can only be gotten by paying a certain amount of money (ranging from $490 to $980). 

This ransomware was detected by users in Nigeria in a cracked version of EndNote.

STOP/DJVU Ransomeware encrypts the personal documents, and any file with extensions (.doc, .exe, .mp3, .jpg, etc) found on the victim’s computer with .peet extension and displays a message which offers to decrypt the data if payment in Bitcoin is made. The instructions are placed on the victim’s computer mostly on desktop or xammp folder in the _readme.txt file.

Below are the pictures of victims’ screens after STOP/DJVU attack.

What is EndNote?

EndNote is a commercial reference management software package, used to manage bibliographies and references when writing essays and articles. It is produced by Clarivate Analytics (previously by Thomson Reuters). – Wikipedia

However, EndNote is mostly used by authors and researchers for referencing their project work when writing and upon completion. It helps to easily fetch a reference to their scholarly works. Before you make use of EndNote, you need to install it on your computer and it runs on word documents

How do STOP/DJVU Ransomeware works?

STOP/DJVY targets all versions of Windows including Windows 7, Windows 8.1 and Windows 10. When this ransomware is first installed on a computer it will create a random named “executable” in the %AppData% or %LocalAppData% folder.

When this ransomware infects your computer it will scan all the drive letters for targeted file types, encrypt them, and then append the “.peet” extension to them. Once these files are encrypted, they will no longer be able to open by your normal programs. When this ransomware has finished encrypting the victim’s files, it will also display a ransom note that includes instructions on how to contact these cybercriminals

([email protected] or [email protected]).

This is the message that the Peet ransomware (_readme.txt) will display:

How to remove Remove PEET Ransomware

There are many articles online on how to remove STOP/DJVU (.peet) ransomeware.

Here are our recommendations:  

  1. https://geeksadvice.com/remove-peet-ransomware-virus/
  2. https://www.youtube.com/watch?v=zB0yyiuZu0M
  3. https://www.precisesecurity.com/virus/remove-peet-ransomware-peet-files-virus/

Have a nice day

Spread the word

4 thoughts on “STOP/DJVU Ransomeware Hit Many People in Nigeria, Detected in ENDNOTE – encrypt the file as .peet”

  1. The increase in Malware attacks is getting very high. People need more of this kind of articles in other to stay safe
    Great job sir

Leave a Comment

Your email address will not be published. Required fields are marked *