Pottieq Ransomware

Posted: September 7, 2018

The Pottieq Ransomware (also known as Aura Ransomware) is a file-locker that has been active for over a year. Unfortunately, it appears to use a secure file-encryption method, which means that its victims cannot rely on a fully working free decryption and file recovery tool. According to malware researchers, the Pottieq Ransomware is based on the BandarChor Ransomware, a ransomware family that was first spotted in 2017 and has served as the foundation for several other file-encryption Trojans.

The Pottieq Ransomware is likely spread through several propagation channels, but its authors appear to favor spam e-mails. Their campaigns use fraudulent, misleading e-mail messages to convince targets to download a corrupted file attachment, which might be presented as a document that contains important information. When the Pottieq Ransomware is executed, it begins its attack immediately, which is likely to leave the victim with a hard drive full of encrypted files. Whenever the ransomware encrypts a file successfully, it renames the file by appending the '.id-%ID%-[shivamana@seznam.cz].pip' suffix. This naming pattern is very similar to the one used by the Dharma Ransomware, but malware experts have determined that this is a coincidence and that the Pottieq Ransomware is related only to the BandarChor family.

After it finishes encrypting files, the Pottieq Ransomware replaces the desktop wallpaper with a custom-made image that also serves as the ransom note. According to the note, the victim's encrypted data can be recovered with specialized decryption software that only the cybercriminals behind the Pottieq Ransomware can provide. Naturally, they do not offer this for free, and they state that victims will need to pay a reasonable price to get a decryptor. Finally, the attackers list the addresses shivamana@seznam.cz and WillardBrooks6499@gmail.com as the only ways to get in touch with them.

Unfortunately, the Pottieq Ransomware is not compatible with free decryption software, and its victims might be unable to get their files back unless they are in the habit of backing up their important files regularly. However, not having a backup does not mean that you should agree to send money to the Pottieq Ransomware's authors, especially when there is a significant chance that they will trick you. The advice is to remove the threatening application with a trustworthy anti-virus scanner. Removing the Pottieq Ransomware is only a partial solution, though, and you will still need to find a way to get your files decrypted. Even if such a solution is not available now, we advise you to preserve the corrupted files, since there is a glimmer of hope that free decryption might become possible in the future.
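
The renaming pattern described above and the advice to preserve the encrypted files can be combined into a simple inventory step. The following Python sketch is an added example, not code from this page or from any vendor tool: it walks a directory, finds files carrying the '.id-%ID%-[shivamana@seznam.cz].pip' suffix, and groups them by the embedded ID so they can be set aside. The function names, the sample file names and the assumed format of %ID% are illustrative assumptions.

```python
import os
import re
import tempfile
from collections import defaultdict

# Suffix described on this page: '.id-%ID%-[shivamana@seznam.cz].pip'.
# Assumption: %ID% contains no '-', brackets or path separators;
# the page does not document its exact format.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^\-\[\]/\\]+)"
    r"-\[shivamana@seznam\.cz\]\.pip$",
    re.IGNORECASE,
)

def parse_name(filename):
    """Return (original_name, victim_id) if the suffix is present, else None."""
    m = SUFFIX_RE.match(filename)
    return (m.group("original"), m.group("victim_id")) if m else None

def inventory(root):
    """Walk root and group affected files by the ID embedded in their names."""
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_name(name)
            if parsed:
                original, victim_id = parsed
                found[victim_id].append((os.path.join(dirpath, name), original))
    return dict(found)

def demo():
    """Run the inventory over a constructed directory tree (sample data only)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        samples = [
            "docs/report.docx.id-1A2B3C4D-[shivamana@seznam.cz].pip",  # constructed
            "photo.jpg.id-1A2B3C4D-[shivamana@seznam.cz].pip",         # constructed
            "notes.txt",                                   # untouched file
            "db.sql.id-1A2B3C4D.[other@example.com].pip",  # similar, different pattern
        ]
        for rel in samples:
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"\x00")
        result = inventory(root)
        return {vid: sorted(o for _p, o in items) for vid, items in result.items()}

if __name__ == "__main__":
    for victim_id, originals in demo().items():
        print(victim_id, originals)
```

Because the match is anchored on the contact address and the '.pip' ending given on this page, files renamed by families with a similar scheme, such as Dharma, are not swept into the same inventory.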