Pottieq Ransomware Removal Guide

Was your Windows operating system attacked by the malicious Pottieq Ransomware? If it was, your personal files are not encrypted, and the “.id-[random]-[shivamana@seznam.cz].bip” extension is added to their names. The [random] part in the extension represents a unique number that the infection presents to each victim. If you discover that your files were encrypted, there isn’t much you can do because a free decryptor does not exist. Unfortunately, the one offered by the creator of the infection cannot be trusted. Even if this tool exists, it is unlikely that it would be provided to you if you paid the ransom. How much are you supposed to pay for it? That is something we cannot answer because every victim might be introduced to a unique sum. In any case, whether or not you go along with the demands of cyber criminals, you must delete Pottieq Ransomware from your operating system, and we hope that you will be able to remove this malicious infection using the tips presented in this report.

First things first: Do you have backups? Backups are very important because if they exist, you should have no reservations about removing Pottieq Ransomware from your operating system at all. Backup copies are copies of your photos, documents and other personal files that are stored on external drives, virtual clouds or local backups (e.g., on Windows). When it comes to the latter solution, we do not recommend it because some infections (e.g., Matrix-NEWRAR Ransomware, Zzz12 Ransomware, and Cmb Dharma Ransomware) can delete shadow volume copies. All in all, if your personal files are corrupted or destroyed by malicious ransomware, you do not need to worry about it if backups exist. If backups do not exist, we are dealing with an entirely different scenario because if your files cannot be recovered, but they are extremely important to you, you might end up following the instructions that the creator of Pottieq Ransomware presents using a BMP file. This file has a random name in CLSID format, and it is created in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. If you do not remove this file, it pops up on the screen whenever you start your computer.

The BMP file created by Pottieq Ransomware is displayed as the Desktop wallpaper as soon as the files are encrypted. The message inside the file informs that only a special “decoder and the original key” can help recover files. To obtain it, you are asked to email cyber criminals at shivamana@seznam.cz and WillardBrooks6499@gmail.com. Without a doubt, communicating with cyber criminals is not a good idea because you do not want them sending you malicious files or links. Of course, first, the attackers hiding behind Pottieq Ransomware would ask you to pay money for the decryption tools. If you pay the money – and the sum is likely to be quite substantial – it is unknown if you would get the decryptor. Most victims of ransomware do not get anything in return after paying the ransoms, which is why we suggest that you focus on removing the infection and protecting the operating system against malware to ensure that malicious threats cannot invade the operating system.

You can protect your Windows operating system against malware and remove Pottieq Ransomware at the same time using an anti-malware program. It has to be trustworthy and up-to-date, of course. The right program will automatically find and delete the launcher of the ransomware, as well as its copy (created in the %ALLUSERSPROFILE% directory). You might have to change the wallpaper afterward, but this is an easy task. Another option you have is to delete Pottieq Ransomware manually, but that is easier said than done. Of course, our research team has created a guide that should help you, but if you find the removal problematic, make sure you are cautious. If you make more mistakes, you could create even more problems for yourself. Have more questions you want to ask us? Use the comments section.

How to delete Pottieq Ransomware

1. Find and Delete the launcherof the ransomware. Its name is unknown, and it could have been dropped anywhere, but some of the possible locations are:
   • %TEMP%
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
2. Delete the copy of the launcher in %ALLUSERSPROFILE%.
3. Delete the ransom note file ([random name].bmp]) in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.
4. Empty Recycle Bin.
5. Do NOT forget to check for leftovers using a legitimate malware scanner.

N.B. If you do not know how to reach the directories listed in the guide above, know that you can do that via the Windows Explorer (tap Win+E to launch). Enter the desired directory into the bar at the top and then tap Enter on the keyboard.