Pottieq Ransomware

Pottieq Ransomware is that dark rainy cloud you do not want over your head. It is a silent killer that can invade your operating system and quickly encrypt your personal files without you suspecting a thing. The worst part is that it is not possible to decrypt files, and free decryptors do not exist either. The one offered by the developer of the ransomware might exist, but our research team warns that the victims of ransomware infections do not receive decryptors even after paying money for them. So, if you do not want to be swindled out of money too, you should not even consider the option of communicating with cyber criminals and paying for the tools they might offer you. Instead, you want to focus on two things. You want to remove Pottieq Ransomware from your operating system as soon as possible. Next, you want to secure your operating system and files to ensure that they cannot be harmed by malware in the future. Luckily, you can delete malware and save the system at the same time.

According to our analysts, Pottieq Ransomware is a variant of an infection called “Aura Ransomware,” and it works almost exactly as JohnyCrypter Ransomware, a tremendously malicious threat that can encrypt program files and crash the system altogether. A removal guide for this threat can be found on this website. The infection discussed in this report does affect system files, and that is to the benefit of the attackers because if the system operates normally, users can be pushed into paying money for a decryptor that, allegedly, could decrypt corrupted personal files. Pottieq Ransomware uses a BMP file with a random name (in our case, the name was in CLSID format) created in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. The file is automatically set as your wallpaper after the encryption of files, and so you cannot miss it. The message in the image file alerts about the encryption of files and then mentions an “original key,” “decoder,” and “decrypting services.” This is bait to make you email shivamana@seznam.cz or WillardBrooks6499@gmail.com. The message informs that “assistance is not free,” and you know that you would need to pay for decryption even before you email cyber crooks. Unfortunately, we cannot tell you how much the creator of the infection would want from you, but you know already that this is not a good option, and you need to think twice if you want to reveal your email address to cyber criminals.

In fact, the creator of Pottieq Ransomware might already have your email address because the infection can be distributed via spam. Malicious downloaders and known security vulnerabilities could be used to help the infection spread too. After execution, it creates a copy of itself in the %ALLUSERSPROFILE% directory, and so, for example, if you notice that you opened a malicious file, you might be unable to stop Pottieq Ransomware, unless you know that you need to remove a copy too. The name of the copy could be completely random. Overall, the distribution of the infection is clandestine and tricky, and so you have to be vigilant. There are hundreds and thousands of other malicious infections that could try to encroach on your personal files, including Mimicry Ransomware, Matrix-NEWRAR Ransomware, and Nog4yH4n Project Ransomware. You have to be prepared to face and delete them, and the number-one thing you should do is back up your files. Do not use your system’s backup because many infections know how to mess with it. Instead, back up files online or using external storage drives. If you do this, even if your files are encrypted in the future, you will be able to restore them after you remove malware.

If many of your personal files now have the “.id-[random numbers]-[shivamana@seznam.cz].bip” extension attached to their names (this is an indication that they were encrypted), you need to look into backups. If they do not exist, you are facing a huge issue because your files are likely to be lost permanently. At the moment, a legitimate decryptor does not exist, and the one suggested by cyber criminals behind Pottieq Ransomware might not even exist. Paying the ransom for the decryptor is extremely risky, and so we do not recommend doing it. The only things we recommend doing is deleting Pottieq Ransomware and protecting your system, which you can do by employing an anti-malware program. It will remove the ransomware automatically! If this is not your preferred method of removal, refer to the instructions below.

Pottieq Ransomware Removal

1. Launch Explorer by tapping Win+E and go to the field at the top.
2. Enter %ALLUSERSPROFILE% to access the directory.
3. Delete the copy of the ransomware, {random name}.exe.
4. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup to access the directory.
5. Delete the ransom note fie, {random name}.bmp.
6. Enter the following directories to find and Delete the original launcher, {random name}.exe:
   • %TEMP%
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
7. If you cannot find the malicious .exe file, use a trusted malware scanner.
8. Empty Recycle Bin and perform a full system scan to check if your system is clean or if you still have threats to handle.