Popcorntime Ransomware

What is Popcorntime Ransomware?

There are different types of malicious applications out there, and ransomware is one of the most dangerous threats. Popcorntime Ransomware is a new file-encrypting ransomware infection seeking to extort money from users. It is based on the engine of the HiddenTear open-source ransomware, and it still seems to be in development because it only targets the folder called Efiles. Since users usually do not have this folder on their PCs, the current version of this infection does not cause harm to them. Of course, the situation might quickly change, i.e. the fixed version of Popcorntime Ransomware might act completely differently. In other words, it might encrypt other folders too and, consequently, make it impossible to access a bunch of files. As has been mentioned, the one and only purpose of the ransomware infection is to obtain money from people, so it is not surprising that the encrypting of files is the main activity it performs on the infected computer. If you ever encounter Popcorntime Ransomware, go to delete it immediately no matter you find your files encrypted or they are left untouched. It uses the AES-256 encryption algorithm, so it will not be a piece of cake to unlock files, but you should still not give up hope to recover your data without the key cyber criminals have on their private server.testtesttest

What does Popcorntime Ransomware do?

At the time of writing, Popcorntime Ransomware encrypts files in the Efiles folder only. If you do not have this folder on your computer, your files will not be affected. Of course, it does not mean that a new version of this threat cannot be released, so you definitely cannot feel very safe. Users who will encounter a version encrypting files in all the directories should quickly notice the changes because their personal files will receive a new filename extension .filock. As has been found, once the encryption is finished, two files containing the ransom note are dropped on the computer: restore_your_files.txt and restore_your_files.html. Also, a window on Desktop is opened. It is perfectly clear after reading these ransom notes that Popcorntime Ransomware does not differ from other similar threats. The .html ransom note indicates that 1 Bitcoin (approximately 770 dollars) has to be sent to restore files “the fast and easy way.” This has to be done within the given time. You should not transfer money to cyber crooks even if you find your files locked because the tool to decrypt those files might not be sent to you after making a payment. Also, there might be other ways to unlock files stored on the computer too. If you find your files locked, i.e. having the filename extension .filock, you should use free data recovery tools after the removal of this ransomware infection. They might help you to unlock some of your files. Alternatively, files can be recovered from a backup. Of course, a backup will, most probably, be of no use if you have kept it on the computer all this time (most probably, it has been encrypted too), but you should still give it a shot.

Where does Popcorntime Ransomware come from?

There are several different ways ransomware infections are spread. In most cases, users allow these threats to enter their computers by opening a spam email attachment. The malicious file installing ransomware might be even disguised as an ordinary document there. Specialists have also revealed that it has another distribution method too. Users can become infected with Popcorntime Ransomware via another victim’s referral link. If the ransom is paid, the user who spread the referral link should get all the files decrypted free of charge (it is said so in the ransom note). Of course, there are no guarantees that this infection will really act this way, so there is no point in spreading the referral link (it is provided in the ransom note) and thus causing problems for other people too.

How do I remove Popcorntime Ransomware?

The window opened on Desktop by Popcorntime Ransomware should not lock the screen, so you should be able to access it quite easily and thus remove restore_your_files.html, restore_your_files.txt, and popcorn_time.exe files dropped on the computer by the ransomware infection. In order not to let this threat launch automatically and open the window with a message on Desktop again, you need to delete its value from the Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) as well. If you find these removal steps too difficult and our manual removal instructions do not help you at all, you should scan your computer with an automatic malware remover. You can download SpyHunter, which is a reputable antimalware suite, by clicking the Download button.

Delete Popcorntime Ransomware manually

  1. Press Win+R.
  2. Type regedit.exe.
  3. Open HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  4. Locate the Value of the ransomware infection, right-click on it, and select Delete.
  5. Remove the random .exe file of the ransomware.
  6. Delete .html and .txt ransom notes from Desktop.
  7. Empty the Recycle bin.
  8. Reboot your computer after the deletion of this computer infection.
100% FREE spyware scan and
tested removal of Popcorntime Ransomware*

Leave a Comment

Enter the numbers in the box to the right *