Pottieq ransomware

September 27, 2018

What is Pottieq ransomware

Pottieq ransomware is a crypto-virus that demands a ransom for locked files. Pottieq is a new variant of the cryptovirus that has been using the same email server since 2017. As many researchers who analyzed this threat note, this ransomware has various similarities to other ransomware such as Aurora, Dharma, and CrySiS. The .id-%ID%-.pip file extension pattern used by Pottieq ransomware looks identical to a variety of other file-locking extensions. However, based on the ransom note content, the contact email, and other details, this crypto-virus should be linked with BandarChor ransomware. The virus demands a ransom in a note displayed in a black window. There is no information on how big the ransom is but, based on typical ransomware activity, this ranges from 1 to 10 BTC. The people behind the attack use the AES-256 encryption method to lock files in various formats.

The developers of the Pottieq virus claim that they are the only ones who can restore files encrypted by the virus. However, you shouldn’t pay the ransom or contact these cybercriminals in any way, as the hackers responsible for this attack cannot be trusted. There is a chance that they will ignore you right after your payment is transferred to their crypto wallet.

The data encryption process starts when the virus infiltrates the system. It uses a military-grade encryption algorithm to lock photos, videos, music files or documents. Once this procedure is finished, the virus adds a file extension in the .id-%ID%-.pip pattern. This appended extension shows which files are locked. In every folder containing encrypted data, Pottieq ransomware also places a ransom note that includes the following:

Pottieq ransomware is a silent cyber infection that can come from infected emails or illegal websites. According to VirusTotal, one of the executable files is SkyTel.exe. Once it gets into the system, the virus can alter the Windows Registry so that it can launch its malicious processes when you reboot the infected device.

You should remove Pottieq ransomware with anti-malware tools because, as the file analysis shows, various anti-malware programs can detect this threat and remove it successfully. For example, Avast indicates this virus as Win32:Malware-gen, Avira shows it as TR/Kryptik.ytenf, names this threat as Ransom.Aura.

Pottieq ransomware removal should be a quick process if you use a reputable anti-malware program. A full system scan is required because this threat plants various related files on the system and you cannot find them all. If any of these related files or malware remain on the system, the ransomware can still encrypt your data.

Researchers advise you to focus on virus termination and worry about data recovery only after the ransomware is gone. Unfortunately, a decryption tool has not been developed yet, so there is no possibility to decrypt your locked data. However, there are a few suggestions on data recovery tools down below. Try to use these tips if you have no backup files on an external device.

How does Pottieq ransomware work

Ransomware creators employ various malware to spread the malicious payload of this threat. A silent infection means that the main intrusion happens without your consent or knowledge. The primary method for spreading the ransomware payload is spam email attachments with infected files. Malspam campaigns are used both to infect average users and to launch large ransomware attacks on corporations and companies.

Emails containing the malicious file can look safe and legitimate because malicious actors often hide their products behind a well-known service name, misusing various company or product names. However, you can look for typos or grammar mistakes in the main content of the email, which indicate that the message is suspicious.

You can also try to contact the sender back, and if that is impossible, it is a red flag. Delete these emails without opening them or downloading anything. If you are not expecting an email, remember to be aware of the possible threats in the commercial content-filled emails that come to your inbox.

How to delete Pottieq ransomware

To remove Pottieq ransomware, you should use a reputable anti-malware tool such as Norton Internet Security. Such tools are trustworthy and can detect various ransomware-related files or the malware that spreads this malicious script. Anti-malware programs perform a full system scan on your device and detect threats, system vulnerabilities or other possible issues. Such a tool also removes cyber infections from your PC and cleans the system thoroughly.

Using anti-malware for Pottieq ransomware removal is a great solution for the whole system, since the full system scan cleans every little threat and vulnerability. Also, when your device is clear of ransomware and other infections, you can safely replace your locked files with new and safe ones from a backup. Remember that ransomware can also encrypt newly placed files if the threat is still on the computer. Use the tips on ransomware termination and data recovery provided below.
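Before replacing locked files from a backup, it helps to list which files carry the .id-%ID%-.pip suffix and what their original names were. The Python script below is an added example, not part of the original article; it assumes that %ID% is a non-empty token without dots or path separators and that the suffix is appended to the unchanged original file name, and the sample file names in it are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Suffix pattern taken from the article: <original name>.id-%ID%-.pip
# Assumptions (not confirmed by the article): %ID% is a non-empty token with
# no dots or path separators, and the original file name is left intact.
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\\/]+)-\.pip$", re.IGNORECASE)

def parse_locked_name(filename):
    """Return (original_name, victim_id) for a locked file, else None."""
    m = LOCKED_RE.match(filename)
    return (m.group("original"), m.group("victim_id")) if m else None

def inventory(root):
    """Map each folder under root to its locked files as (original, id) pairs."""
    report = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            parsed = parse_locked_name(name)
            if parsed:
                report[os.path.relpath(dirpath, root)].append(parsed)
    return dict(report)

def victim_ids(report):
    """Distinct IDs seen; more than one hints at separate encryption runs."""
    return {vid for entries in report.values() for _orig, vid in entries}

def demo():
    """Build a constructed sample tree in a temp dir and inventory it."""
    sample = {
        "docs": ["report.docx.id-A1B2C3D4-.pip", "notes.txt"],
        "photos": ["trip.jpg.id-A1B2C3D4-.pip", "archive.pip", "x.id--.pip"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for sub, names in sample.items():
            os.makedirs(os.path.join(tmp, sub))
            for n in names:
                open(os.path.join(tmp, sub, n), "w").close()
        return inventory(tmp)

if __name__ == "__main__":
    report = demo()
    for folder in sorted(report):
        for original, vid in report[folder]:
            print(f"{folder}: restore '{original}' from backup (id {vid})")
    print("distinct IDs:", sorted(victim_ids(report)))
```

Point `inventory()` at a user profile or file share after the malware has been removed; the script only reads directory listings and does not modify or delete anything.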

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to Pottieq ransomware. A lot of adware and other unwanted programs use browser extensions in order to hijack internet applications.

Remove Pottieq ransomware Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for Pottieq ransomware or anything related to it, and once you find it, press ‘Remove’.

Uninstall Pottieq ransomware Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for Pottieq ransomware or anything related to it, and once you find it, press ‘Remove’.

Delete Pottieq ransomware Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for Pottieq ransomware or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If Pottieq ransomware.safariextz appears on the list, select it and press ‘Clear’.

Remove Pottieq ransomware Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for Pottieq ransomware or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer. In the unlikely scenario that Pottieq ransomware is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter.
  6. The Program and Features window will open where you should be able to find the Pottieq ransomware program.
  7. Select Pottieq ransomware or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from Pottieq ransomware

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to its default configuration. If you notice that the infection is still present even after getting rid of suspicious extensions, follow the instructions below.

Use Chrome Clean Up Tool to Delete Pottieq ransomware

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect Pottieq ransomware, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find Pottieq ransomware in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox.
  2. In the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.
