Potato Ransomware Removal

I wrote this article to help you remove Potato Ransomware. This Potato Ransomware removal guide works for all Windows versions.

Cybercriminals keep on creating infections with more and more bizarre names, just like the Potato Ransomware. Yes, it is real but it is still under development. However, it is already dangerous as it belongs to the dreaded family of ransomware. Even though it is named Potato, which doesn’t sound so scary, this pest is fully capable of causing you a ton of issues. Like all the infections of this type, Potato follows a pretty standard pattern. First, it tricks you into allowing it to enter. Second, it makes all of your files inaccessible. And third, it exports you for money in exchange for freeing your files.

As you probably know, money is all ransomware pieces` main goal. All crooks want is to get to your back account and they are using a pretty clever scheme to do so. Let`s explain what Potato does step by step. First, it invades your system without you realizing. There are many techniques which the ransomware could use but what it needs the most are your distraction and carelessness. For example, Potato may land directly into your regular inbox posing as a legitimate email from a shipping company or as a job application. From there, you do the rest by opening the email without knowing who it is from.

Remove Potato Ransomware
The Potato Ransomware

Always double check a message without opening it. If it is from an unknown sender or it looks suspicious, delete it right away. Moreover, stay away from illegitimate websites, unverified download sources, third-party pop-ups, etc. A ransomware could also be disguised as a program update or it may even use the help of a Trojan to enter. The point is, you should always be on the alert. Do not be negligent as, in this way, you are only helping parasites infect you.

After managing to trick you into giving it green light, Potato doesn’t waste any time. Once in, it immediately performs a scan of your machine in search of your private files. And it does find them all AND it encrypts them. All of your pictures, music, videos, files, Word documents, presentations, etc. fall into the ransomware`s hands. Potato locks them with the AES-256 encryption algorithm thus effectively denying you access to any of them.

The pest also adds the “.potato” extension at the end of each locked file. Seeing your data renamed like that is a clear sign that the encryption process has finished and all of your files have been turned into unusable gibberish. We assume you have some very important information on your machine. Most people do and that is exactly what crooks pray for. If they lock this precious information you will be more likely to panic and give them what they want. This is why when the file-locking process finishes, Potato drops a note for you in each folder, containing encrypted data.

The note is named README and it comes in “png” and “html” formats. According to it, your only way of recovering your files is by obtaining a special decrypter, which of course, you have to pay for. The crooks even provide an email address – potatoransom@sigaint.org – which you are supposed to use to contact them and receive detailed payment information. They claim that once you pay, they will send you the tool to unlock your data. But, can you really trust these people? They are cybercriminals and they are responsible for your locked data in the first place.

Like we already mentioned, these people only care for your money. Most of the times, if you pay, they just take your money and don’t send you anything. Then, they use your money to develop more infections so they can extort more people. And meanwhile, by paying you are giving them access to your private details and they can use them as they see fit. It is not worth it risking your privacy for a decrypter which you may not even get. Forget about paying. Instead, use our removal guide below which is completely free and which will help you deal with this greedy ransomware.

Potato Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Potato Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panelshadowexplorer
  4. Choose at least a month ago date from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Nextsystem restore
  3. Choose a restore point, at least a month ago
  4. Click “Next
  5. Choose Disk C: (should be selected by default)
  6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Potato Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.