Donut Ransomware
The Donut Ransomware is an encryption ransomware Trojan that carries out a typical version of this attack type, which has become extremely common. The Donut Ransomware is one of the many variants of HiddenTear. This is an open source ransomware platform that was released in 2015 for educational purposes initially. Unfortunately, criminals easily adapted the HiddenTear's code to create numerous ransomware Trojans for harmful purposes. The Donut Ransomware is just the latest of countless variants that have appeared since the HiddenTear's initial release.
Table of Contents
The Donut Ransomware’s Implementation of the HiddenTear Platform
Not all HiddenTear variants are the same. The most effective HiddenTear variants are those that adapt the code for their own purposes but make the decryption portion more secure. In the case of the Donut Ransomware, however, the criminals are simply using the original version of HiddenTear. Fortunately, this means that it is possible to decrypt files encrypted by the Donut Ransomware through the use of the decryption tools released by PC security researchers. It is, however, necessary to note that threats like the Donut Ransomware are receiving new updates constantly, and an updated version of the Donut Ransomware may appear that uses an encryption algorithm that is harder to crack than the version of the Donut Ransomware being observed by PC security analysts at this current time.
How the Donut Ransomware Infects a Computer
The Donut Ransomware, like most HiddenTear variants, will scan the victim's computer for the user-generated files that are contained in a list of file extension stored in its configuration data and then it will use an encryption algorithm to make the victim's files inaccessible. The files that have the possibility of being targeted in attacks like the Donut Ransomware include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
After the Donut Ransomware encrypts a file, they will be marked and easy to be spotted. The Donut Ransomware adds a new file extension, the string '.donut' to their names. The Donut Ransomware also delivers a ransom note, a program window named 'Oooops' that demands that the victim pays a ransom of 100 USD to restore access to the compromised files. The Donut Ransomware ransom note includes an email address where victims are supposed to contact the criminals responsible for the Donut Ransomware's attack, donutman@tutanota.com. However, computer users shouldn't contact this email address. Very often, it may be impossible to restore the files without help from the criminals; however, almost always, they will not help. In this case, where a decryption software does exist, there is even less of a reason to contact the criminals responsible for the Donut Ransomware attack.
Protecting Your Data from the Donut Ransomware and Dealing with this Threat
If the Donut Ransomware has been installed on your computer, PC security researchers advise using a strong security program that is fully up-to-date to remove it from your computer completely. Apart from removing the Donut Ransomware, PC security analysts advise computer users to ensure that no other threat has been installed along with the Donut Ransomware. Once the Donut Ransomware has been removed, the files encrypted by the Donut Ransomware can be decrypted with the help of a decryption program released by malware analysts, which can deal with the HiddenTear variants. In the future, have file backups on a secure location, in case you need to deal with a threat that cannot be decrypted.
