A new ransomware may be going around calling itself "Potato". This ransomware adds the extension ".potato" to files; e.g. "picture.jpg.potato". The ransom note left is called "README.png" or "README.html".
Victims are asked to go to the website http://tzakpakp6v5vwqqh.onion/, where they are told to contact the malware author at firstname.lastname@example.org.
We are still looking for a sample of the malware. It is suspected the malware author is using the DarkComet RAT to remote into victim's machines and execute the ransomware, as this was found alongside password extraction tools on a victim's machine.