Pottieq Ransomware

What is Pottieq Ransomware?

Pottieq Ransomware is known to be a variant of Aura Ransomware. It was developed to lock files on affected computers but, luckily, it does not encrypt any system files, so you can continue using your computer normally. You will, of course, no longer be able to access any of your personal files. Unlike simpler ransomware infections, this threat is fairly sophisticated: it copies itself to %ALLUSERSPROFILE% and drops a ransom picture in the Startup folder so that the picture is opened for the victim automatically after a system restart. The ransom note lets users know that the decryption service is not free: “our assistance is not free, so expect to pay a reasonable price for our decrypting service.” Ransomware developers always want money from the users they manage to affect, but you should not give them a cent, and not without reason: it is very likely that you will not get anything from the cyber criminals if you make a payment. In other words, the chances are high that your files will stay encrypted no matter what you do, so, in our opinion, it would be best to delete Pottieq Ransomware fully and then try all alternative ways to decrypt the files. First, you can restore them from a backup. Second, you can wait until a free decryptor is released. Third, you can use available data recovery tools. Unfortunately, we cannot promise that you will be able to fix all your files.

What does Pottieq Ransomware do?

Pottieq Ransomware locks files on your computer once it has successfully entered the system. It encrypts a number of personal files and appends a lengthy extension to each of them; for example, file.jpg becomes file.jpg.id-1724631470535871-[shivamana@seznam.cz].bip. As a consequence, you can easily tell which of your files have been encrypted. As mentioned, Pottieq Ransomware does not lock any Windows files, which means that you can still use your PC after this malicious application has entered it. Once the ransomware is launched and has encrypted the files, it drops a picture in the .bmp format (it has a random name) in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. The beginning of the message informs the victim that his/her computer has been affected by “a virus-encoder” and that, as a consequence, files have been encrypted using a strong encryption algorithm. We have to agree that it might be extremely hard to crack the encryption algorithms ransomware infections use. We are not going to lie: purchasing the special decryptor from the cyber criminals might be your only chance to get your files back. Of course, that does not mean that purchasing a decryptor from cyber criminals is a clever thing to do. The crooks behind Pottieq Ransomware will certainly not give you the tool that can unlock encrypted files for free. They want victims to contact them by sending an email to shivamana@seznam.cz or WillardBrooks6499@gmail.com (an alternative email address). If you do as instructed, you should get more information about the decryption. That is, you should find out the decryptor’s price and get instructions on how to make a payment.

Where does Pottieq Ransomware come from?

According to researchers, Pottieq Ransomware should be spread the same way as many other ransomware infections. In other words, it should be spread mainly via emails, most probably spam emails. Malware might be presented to users as an ordinary email attachment, or users might let it enter their computers by clicking a malicious link contained in an email they receive. Users might also download malicious software from a torrent or a similar random website. Last but not least, ransomware infections might be dropped by cyber criminals after hacking users’ RDP connections, or downloaded by malicious software that is already installed on the system. We have to admit that it is not always easy to prevent malware from entering the system. Of course, that does not mean that you have to be an expert. What you need to do is simply install a reputable antimalware tool on your system.

How to remove Pottieq Ransomware

To delete Pottieq Ransomware fully from the system, you need to delete its copy from %ALLUSERSPROFILE%, remove the ransom note from the Startup folder, and, finally, erase all recently downloaded files in order to get rid of the malicious executable file that launches the ransomware infection. You can clean your system automatically, but if you decide to delete the malware manually, you should use the removal guide provided below in order to erase the infection fully. Keep in mind that a single malicious component left on the affected computer might allow the malware to revive and continue performing malicious activities.

Pottieq Ransomware removal guide

  1. Open Windows Explorer (Win+E).
  2. Open %ALLUSERSPROFILE%.
  3. Select Filename.exe.
  4. Go to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.
  5. Delete the .bmp image named in the CLSID format, e.g. {I39SN97D-D73M-YLR9-1I59-EW9R799VKF}.bmp.
  6. Check %TEMP%, %USERPROFILE%\Desktop, and %USERPROFILE%\Downloads on your PC.
  7. Delete all suspicious files you have downloaded recently.
  8. Empty Trash.
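
A read-only way to gather everything the guide above asks you to inspect, and to count the files that carry the renaming pattern described earlier. This is an added PowerShell example, not part of the original article; the 30-day window for "recently downloaded" and the regular expression derived from the sample file name are assumptions.

```powershell
# Read-only triage: lists candidates for manual review and deletes nothing.
# Locations come from the removal guide; the 30-day window is an assumption.
$since = (Get-Date).AddDays(-30)

# Derived from the article's sample name (assumed to generalise):
#   file.jpg.id-1724631470535871-[shivamana@seznam.cz].bip
$lockedPattern = '\.id-\d+-\[[^\]]+\]\.bip$'

function Get-Candidate {
    param([string]$Path, [string]$Filter, [string]$Reason, [switch]$RecentOnly)
    # Skip locations that do not exist for this user profile.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-ChildItem -LiteralPath $Path -Filter $Filter -File -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $RecentOnly -or $_.LastWriteTime -ge $since } |
        Select-Object @{n = 'Reason'; e = { $Reason }}, FullName, Length, LastWriteTime
}

$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'

$report = @(
    # "Filename.exe" in the guide is a placeholder, so list every .exe in the folder root.
    Get-Candidate $env:ALLUSERSPROFILE '*.exe' 'Executable in %ALLUSERSPROFILE%'
    # The ransom picture has a random name; list every .bmp set to open at logon.
    Get-Candidate $startup '*.bmp' 'Image in Startup folder'
    foreach ($dir in $env:TEMP, "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads") {
        Get-Candidate $dir '*' "Recent file in $dir" -RecentOnly
    }
)
$report | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize -Wrap

# Scope of the damage: files renamed with the .id-<number>-[<email>].bip suffix.
$locked = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $lockedPattern }
'{0} file(s) carry the .id-<number>-[<email>].bip suffix' -f @($locked).Count

# Ten folders with the most locked files, to compare against available backups.
$locked | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize -Wrap
```

Run it as the affected user so that %APPDATA%, %TEMP% and %USERPROFILE% resolve to that user's profile.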