Home / Spyware Help / Popcorntime Ransomware Removal Guide

Popcorntime Ransomware Removal Guide

by 0 Comments

Do you know what Popcorntime Ransomware is?

Experts have discovered a new malicious application Popcorntime Ransomware recently. It is still in development, so it should not cause much harm; however, cyber criminals might update it at any time. Just like other threats that fall into the category of ransomware infections, it has been developed by cyber criminals to obtain money from people. Even though at the time of writing it encrypts files in the Efiles folder (ransomware creates it on the infected computer) which users do not have and, consequently, do not keep any personal files, it is very likely that it will be updated sooner or later. If it is true, it could access all folders and files stored on the computer. The majority of ransomware infections lock users’ files so that they could then demand a ransom. Evidently, Popcorntime Ransomware is no exception because it drops a ransom note after encrypting files asking to transfer a ransom in Bitcoins to the provided Bitcoin address. Keep in mind that it would be best not to pay money to cyber criminals because a) you cannot be so sure that files will be unlocked for you and b) if malware developers always get what they want, they will never stop releasing threats, i.e. you will support them by making a payment. Find out by reading this report what you can do to recover your data if you have already found your files encrypted.

When the ransomware infection is launched, it starts its job by checking for such files as %APPDATA%\been_here and %APPDATA%\server_step_one. If it finds the been_here file, it then terminates itself, but if it does not exist there, it starts downloading images and files (you will see a blue Downloading and Installing screen) and then encrypts files. If you encounter a version that encrypts files in only one folder Efiles, it should not cause harm to you, but, of course, you will still have to delete Popcorntime Ransomware from the system. Unfortunately, the version locking files in other directories might be released soon too. If you find files on your PC having the .filock filename extension, there is no doubt that they have been encrypted. Ransom notes restore_your_files.txt and restore_your_files.html will confirm that too. It becomes clear after reading the information provided in these files that Popcorntime Ransomware also seeks to extort money from users. The version tested by our research team asked to transfer 1 Bitcoin (~ $770) for the decryption of files. Also, it is said there that users can “send the link below to other people, if two or more people will install this file and pay, we will decrypt your files for free.” To be frank, it is very likely that this will not happen, so you should not help cyber criminals to distribute this malicious application. Instead, you should try to recover your files with the help of a free third-party data recovery tool or use a backup created before the entrance of this ransomware infection. Keep in mind that the decryption process might be unsuccessful because Popcorntime Ransomware uses the AES-256 cipher which might be hard to crack. Of course, this does not mean that we encourage you to go to buy the decryptor.Popcorntime Ransomware Removal GuidePopcorntime Ransomware screenshot
Scroll down for full removal instructions

It is not clear how Popcorntime Ransomware is distributed because it is not very popular yet, but specialists believe that it should be spread through spam email attachments mainly. In fact, it is not the only distribution method. Since it is said in the ransom note that it is possible to get the files decrypted free of charge by infecting two other users, some people might receive these referral links too. Malicious software infects the computer if the link is opened, so stay away from suspicious links. It would be smart to install a security application on the computer as well because malicious applications might find different ways to sneak onto computers unnoticed.

Sadly, there is not much you can do to unlock your files, but, luckily, you can delete Popcorntime Ransomware from your computer rather easily. Find instructions below and go to remove Popcorntime Ransomware from your system or let an automatic malware remover do this job for you.

Delete Popcorntime Ransomware

  1. Locate and delete the executable file of the ransomware infection (its name might be random).
  2. Delete restore_your_files.html and restore_your_files.txt.
  3. Press Win+R.
  4. Enter regedit.exe and click OK.
  5. Move to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  6. Right-click on the Value of the ransomware infection.
  7. Click Delete.
  8. Empty the Recycle bin.

In non-techie terms:

Popcorntime Ransomware is definitely not the only ransomware infection. To be frank, these file-encrypting threats are very prevalent these days, so users should be more cautious. What they should do is to stay away from spam emails, ignore suspicious links, and, finally, install an automatic antimalware scanner.