Popcorntime Ransomware

Popcorntime Ransomware is the newest infection to come from the HiddenTear family. HiddenTear is a source-code that can be used by anyone to create a ransomware infection. In the past, it was used by APT Ransomware, 8lock8 Ransomware, GhostCrypt Ransomware, and many other threats whose removal we have discussed in different reports. Luckily for us, all of these threats act in similar ways, which makes it easier for us to predict how they act, and, due to the extensive research we have conducted, we know how to eliminate these infections much faster. In this report, we show you how to remove Popcorntime Ransomware from your operating system. Keep in mind that if this threat has encrypted your files, you do not have many options, and there is a great possibility that you will end up losing them. Let this be a lesson to take better care of your virtual security and your personal files.

According to our research team, Popcorntime Ransomware uses the AES-256 encryption algorithm to lock your personal files. This infection is still being developed, and it could improve in many ways, but we already know that it targets all kinds of files. Of course, it is most devastating that this threat can encrypt your personal files, such as documents, media files, or photos. When the files are encrypted, the “.filock” extension is added to them, and that is how you can tell which files were encrypted. Once the encryption is complete, you will not be able to open your files, even if you delete the new extension added to them. Immediately after the encryption, Popcorntime Ransomware creates files called “restore_your_files.txt” and “restore_your_files.html”. This is where the demands by cyber criminals are laid out. The same demands are also represented via a window that pops up in the middle of the screen. This window cannot be closed or minimized, and you will remove it only when you remove the ransomware.

The main demand from cyber criminals is that you pay a ransom of “at least 1.0 Bitcoin,” which is a very random request. In most cases, the creators of malicious ransomware infections give very specific instructions where the sum demanded is very concrete. Are you familiar with the Bitcoin currency? 1 Bitcoin converts to around 770 USD, but this currency is completely unstable, and the sum you pay might be completely different. Overall, the ransom of 1 BTC is very big, and not all users will have enough money to cover it. In fact, we cannot advise paying the ransom even if 770 Dollars is not a big sum for you. As you know, cyber criminals are unpredictable, and they could easily take your money for nothing in return. Unfortunately, it is possible that your files will remain locked after you enter your unique ID, the Bitcoin Address, and the transaction code into the allocated areas. This is why you have to think before you make the final commitment to pay the Popcorntime Ransomware ransom.

It was found that Popcorntime Ransomware can spread via spam emails, as well as referral links. According to our researchers, victims could be coerced into forwarding corrupted links to other people to get decryption codes for free. Because the infection is still being developed, we do not know if this method of distribution will be used, but the potential is there. Needless to say, this could help cyber criminals spread this infection wider. Obviously, if you find yourself in a situation where you might get the code for free, remember that you are dealing with cyber criminals, and there are no guarantees that you would actually get the decryption code as promised.

The elimination of Popcorntime Ransomware is not complicated, as long as you know what to do with the files that were corrupted. In reality, you win only if your files are backed up. If you have taken good care of your files, they are now backed up, and you can access and transfer them to your operating system after you delete the ransomware from your operating system. Otherwise, the devious cyber criminals have got you good. When it comes to the removal of the threat, you have to find and delete the main .exe file, which is not always easy to do. If you are having issues, do not hesitate to install automated malware detection and removal software. After all, it is high time you invested in your virtual security.

Popcorntime Ransomware Removal

1. Right-click and Delete the malicious .exe file (you can use a legitimate malware scanner to find it).
2. Right-click and Delete the file called restore_your_files.html (should be placed next to encrypted files).
3. Right-click and Delete the file called restore_your_files.txt (should be placed next to encrypted files).
4. Launch RUN by tapping keys Win+R and enter regedit.exe into the dialog box.
5. Move to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
6. Right-click and Delete a value (could be named Popcorn_Time) that is linked to the malicious .exe file in step 1.
7. Scan your PC for leftovers.