The most recent Djvu/STOP ransomware variant is called Pohj ransomware. Like all earlier versions, Pohj ransomware encrypts users’ files and demands payment to unlock them. The .pohj extension is added to encrypted files, hence why it’s called Pohj ransomware. You won’t be able to open any of the encrypted files without a decryptor. And only the cybercriminals behind this ransomware have access to a decryptor. Victims are asked to pay $980 for it.


Pohj ransomware note


As soon as the infection is initiated, it will immediately start encrypting files. It mostly focuses on personal files, such as photos, videos, and documents. It will be clear which files have been encrypted because of the .pohj extension. Unfortunately, you won’t be able to open files that have this extension unless you decrypt them first using a decryptor. However, since only the malware operators have the decryptor, getting your hands on it won’t be easy. How you can buy it is explained in the _readme.txt ransom note that is dropped in each folder that has encrypted files. The note doesn’t say much but it does contain instructions.

Pohj ransomware files

According to the ransom note, a decryptor for Pohj ransomware costs $980. Victims who get in touch with malicious actors within the first 72 hours will supposedly get a 50% discount, though you should be skeptical. In general, it is not a good idea to cooperate with cyber criminals or pay the requested ransom. There are no guarantees that a decryptor will be sent to you if you pay the ransom. Ransomware does not function like a typical business, and its operators cannot be trusted. Even if victims pay, the malware operators are unlikely to feel any kind of commitment to assist them. It’s also important to note that the money victims pay would support future malicious activity. And the fact that victims are prepared to pay the ransom is one of the factors why ransomware is so successful.

For victims without backups, a free Pohj ransomware decryptor is, unfortunately, not yet available. Because ransomware versions from this family use online keys to encrypt files, it is challenging for malware researchers to make a decryptor. Online keys mean the keys are unique to each user. Your specific key is needed for a decryptor to work on your files. It’s doubtful that a decryptor will be made available unless cybercriminals release the keys. It’s not impossible that this may happen so you should back up your encrypted files while you wait.

We should mention that you need to be very cautious when looking for decryptors because there are many fake ones. If you cannot find a decryptor on a legitimate site like NoMoreRansom, you won’t find it anywhere else.

If you have a backup of your data, you can start recovering files as soon as you delete Pohj ransomware from your computer. Ransomware is a pretty sophisticated infection, which is why you shouldn’t try to remove Pohj ransomware unless you know what you’re doing. Otherwise, you could cause additional damage. It’s much safer to use anti-malware software.

Ransomware distribution methods

Ransomware spreads through things like torrents and email attachments, just like the majority of malware infections. You are much more likely to pick up an infection if you have bad online habits.

Email attachments are the preferred method of malware distribution for cybercriminals. They purchase thousands of email addresses from hacker forums for their malicious email campaigns and attach malicious files to emails. When users open those malicious attachments, they trigger the malware to initiate. Because they are usually very low-effort, these kinds of emails are usually easy to recognize. The grammar and spelling mistakes are the easiest to spot. The errors are quite obvious because malicious senders frequently pretend to be representatives of legitimate companies. Errors are uncommon in legitimate emails because they look unprofessional.

Another clue that an email might be malicious is the use of generic terms like “User”, “Member”, and “Customer” in place of your name in emails supposedly sent by companies whose services you use. When sending emails to consumers, companies always address recipients by name. However, malicious actors usually don’t have access to personal information so they use generic words.

Malicious actors may send much more sophisticated malicious emails if they have access to the recipients’ personal information and target them specifically. Such emails would use users’ names to address them, have little to no grammar and/or spelling mistakes, and provide information that would increase the email’s credibility. Therefore, before opening any unsolicited email attachments, it is strongly advised to scan them with anti-virus software or VirusTotal.

Torrents are regularly used to spread malware. Cybercriminals can post torrents with malware in them because torrent sites are very poorly moderated. Users that use torrents have a higher chance of getting malware on their machines. Torrents for entertainment-related content (movies, TV shows, and video games) are the ones that are most likely to contain malware. We strongly advise against downloading copyrighted content via torrents because, in addition to being technically stealing, it puts your computer and data in danger.

Pohj ransomware removal

It is strongly advised that you remove Pohj ransomware using anti-virus software. A professional program should be used to delete Pohj ransomware because it’s a very sophisticated infection. If you try to manually remove Pohj ransomware, you run the risk of causing additional damage to your computer. Once the ransomware has been completely removed by the anti-virus program, you can begin restoring files from your backup.

If you don’t have a backup of your files, the free Djvu/STOP ransomware decryptor from Emsisoft is worth a try. Even if it has a low chance of success, it is still worth a try. If it doesn’t work, your only option is to wait for the release of a free Pohj ransomware decryptor. If it ever is released, it would be posted on NoMoreRansom.

Pohj ransomware is detected as:

  • Win32:TrojanX-gen [Trj] by AVG/Avast
  • Trojan.GenericKD.62706793 (B) by Emsisoft
  • A Variant Of Win32/Kryptik.HRDI by ESET
  • HEUR:Trojan.Win32.Packed.gen by Kaspersky
  • Trojan.MalPack.GS by Malwarebytes
  • Trojan.GenericKD.62706793 by BitDefender
  • Artemis!8F7DA1F9D171 by McAfee
  • Trojan:Win32/Raccoon.RM!MTB

Pohj ransomware detections


Quick Menu

Step 1. Delete Pohj ransomware using Safe Mode with Networking.

Remove Pohj ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Pohj ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Pohj ransomware
Remove Pohj ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Pohj ransomware

Step 2. Restore Your Files using System Restore

Delete Pohj ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Pohj ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Pohj ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Pohj ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Pohj ransomware removal - restore message
Delete Pohj ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Pohj ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Pohj ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Pohj ransomware - restore init
  8. Choose the restore point prior to the infection. Pohj ransomware - restore point
  9. Click Next and then click Yes to restore your system. Pohj ransomware removal - restore message


More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

  • wipersoft

    WiperSoft Review Details WiperSoft ( is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • mackeeper

    Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • malwarebytes-logo2

    While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply