Potato Ransomware Data Recovery

Potato is a new ransomware that was first spotted in the wild in early September 2016. This ransomware is being distributed through email attachments and is currently targeting users in the United States. Once Potato Ransomware has encrypted a user’s files, it will append the “.id-{victim id}.[malware authors email].potato” extension to them. For example, a file named “sample.jpg” would be renamed to “sample.jpg.id-0123456789ABCDEF.[malware authors email].potato”. After the encryption process is completed, it will drop a ransom note named “!!! READ THIS – IMPORTANT !!!.txt” in each folder that contains encrypted files. This ransom note contains instructions on how the victim can purchase a decryptor from the cybercriminals.

Potato is a dangerous threat that can result in the loss of important data.

It will target and encrypt a wide range of file types, including: images, videos, documents, and more.

Prevention tips

To prevent Potato and other ransomware threats, we recommend you take the following steps:

1) Install and maintain reliable anti-malware software

2) Keep your operating system and software up to date

3) Avoid opening email attachments from unfamiliar senders

4) Do not download or install software from untrustworthy websites

5) Back up your important files regularly

Ransom amount: Potato will demand a ransom of 0.5 Bitcoin, which is currently worth approximately $625. So, the ransom may change depending on the value of Bitcoin when the ransomware encrypts your files. Also, it depends on the number of files encrypted. 

If Potato Ransomware is currently running on your system, you can try to stop it from encrypting your files by taking the following steps:

• Disconnect your computer from the Internet
• Enter Safe Mode with Networking

If you have this ransomware on your system, we recommend you follow the steps below to attempt to remove it:

1) Use an anti-malware program to scan for and remove Potato Ransomware

2) Use a ransomware decryptor tool to attempt to recover your files (if possible)

3) Restore your files from a backup (if you have one)

If you have been infected with Potato, it is important to take action immediately to prevent further damage. This ransomware can be a difficult threat to remove, and in some cases, may require the assistance of a professional. However, taking action quickly can help to increase your chances of success.

Public decryption tool

The Potato Ransomware decryptor is currently not available publicly and there are no known ways to decrypt files encrypted by Potato Ransomware for free.

However, researchers may release a free decryptor in the future. But you should use caution when downloading any decryptor tool, as some may be fake or malicious.

Paying the ransom

We do not recommend paying the Potato Ransomware ransom, as this is no guarantee that you will recover your files. In addition, by paying the ransom, you would be supporting the activities of cybercriminals.

So, the best course of action is to seek professional help. Do not try to remove it yourself as you could end up causing more damage. Potato Ransomware is a serious threat and should be removed by experienced professionals.

Contact SalvageData Recovery Services

We have successfully recovered data for many clients who have been infected with Potato and other ransomware threats. Our team of certified engineers has the experience and knowledge necessary to get your data back quickly and safely.

We offer a free consultation to discuss your case and answer any questions you may have. Contact us today to get started. You can submit a case online and one of our representatives will contact you as soon as possible.

Or call 24/7: +1 (800) 972-3282. We are ready to help you right now.

If you prefer, you can go to the nearest SalvageData location. We have offices in the United States, Canada, and Europe.

For more information about us, please visit our website.