'.potato File Extension' Ransomware

The '.potato File Extension' Ransomware is a ransomware Trojan that also is known as the 'Potato Ransomware' because it marks the files that it affects with the extension '.potato.' The '.potato File Extension' Ransomware works by encrypting the victim's files, making them inaccessible. The files that have been encrypted by the '.potato File Extension' Ransomware will no longer be accessible. The victim is then asked to pay a substantial ransom to recover the files that were affected during the attack. Threats like the '.potato File Extension' Ransomware may be distributed using spam email messages, although malware analysts have received reports that the '.potato File Extension' Ransomware infections may be linked to a RAT (Remote Access Trojan) infections and installed on the victim's computer by the people responsible for the attack directly.

How the '.potato File Extension' Ransomware may Enter a Computer

There are many possible ways in which the '.potato File Extension' Ransomware could be installed on a computer, including direct installation, social engineering, or using exploits that take advantage of software vulnerabilities on the victim's computer. Once enters the victim's computer, it will make changes to the affected computer's Registry to ensure that the '.potato File Extension' Ransomware starts up whenever Windows starts up. The '.potato File Extension' Ransomware will then begin encrypting the victim's files, working in the background. Each file encrypted by the '.potato File Extension' Ransomware will be identified with the same file extension.

The '.potato File Extension' Ransomware's Ransom Note

After encrypting the victim's files, the '.potato File Extension' Ransomware will deliver a ransom note, which alerts the victim of the attack and includes instructions for paying a ransom to recover the files. The '.potato File Extension' Ransomware creates a folder named 'POTATO' on the victim's Desktop. This folder contains the following files:

'How to recover my files.txt
ID_number.txt
encrypted.txt
decryptor.exe
MSVCR100.dll'

The file 'How to recover my files.txt' contains the '.potato File Extension' Ransomware's main ransom note. The following is the full text of the '.potato File Extension' Ransomware's ransom note:

'YOUR FILES WERE ENCRYPTED
using military-grade encryption (AES-256). The encrypted files
have the additional extention .potato. You won't be able to retrieve your
data unless you make a payment by following the steps below:
1. Download the TOR browser
2. Access the following adress through TOR Browser for further instructions
http://tzakpakp6v5vwqqh.onion/
3. Enter your ID (see below) and hit 'GET KEY' for further instructions
NOTICE: There's a folder on your desktop named POTATO which
contains the following files:
ID_number.txt – an unique number that identifies your computer, which is mandatory for the payment process
encrypted.txt – a list of files that were encrypted; if you decide to have them back,
DO NOT DELETE IT
decryptor.exe (including MSVCR100.dll) – the program you'll use for decryption
once the payment is made and the decryption key is transmitted to you'

Dealing with the '.potato File Extension' Ransomware

PC security analysts strongly advise computer users against paying the '.potato File Extension' Ransomware ransom. There is no guarantee that the people responsible for this attack will keep their promise and restore the affected files. It is equally likely that the con artists will simply ignore the victim or even ask for more money. Even if the decryption key that they deliver does work, the ransom payment helps finance their activities and create more threats.

Unfortunately, the files encrypted by the '.potato File Extension' Ransomware cannot be recovered without the decryption key. Because of this, it is critical to take preemptive measures to minimize the damage caused by attacks like the '.potato File Extension' Ransomware. Malware researchers strongly advise computer users to backup all files on the cloud or an external memory device. File backups allow computer users to restore the affected files quickly, removing any need to pay the ransom. Apart from backups, you should have a reliable security program that is fully up-to-date to prevent the '.potato File Extension' Ransomware Trojan from entering the targeted computer.

SpyHunter Detects & Remove '.potato File Extension' Ransomware