'.duhust Extension' Ransomware
Threat Scorecard
- Ranking: 8,382
- Threat Level: 50% (Medium)
- Infected Computers: 4,945
- First Seen: November 17, 2016
- Last Seen: September 16, 2023
- OS(es) Affected: Windows
The '.duhust Extension' Ransomware is a ransomware Trojan that is being used to target computer users around the world. PC security researchers suspect that the '.duhust Extension' Ransomware is a variant of Globe, a known ransomware Trojan that has been active in the wild since the summer of 2016. Variants of the '.duhust Extension' Ransomware have been responsible for countless attacks around the world.
How the '.duhust Extension' Ransomware may Access your Computer
Like its many predecessors, the '.duhust Extension' Ransomware takes the victim's files hostage and then demands the payment of a ransom. The '.duhust Extension' Ransomware, like each new variant of the original threat, adds new layers of obfuscation and changes the way the attack is delivered. The '.duhust Extension' Ransomware is virtually identical to countless other ransomware Trojans that are active in the wild. These threats use a typical attack in which the victim's files are encrypted with an advanced encryption method, and then the victim is asked to pay a large ransom. The '.duhust Extension' Ransomware and its many variants may be distributed using corrupted email messages that are designed to look like legitimate email messages from banks, couriers, or other legitimate companies. The corrupted email messages used to deliver the '.duhust Extension' Ransomware also may mimic email messages from social media platforms such as Twitter or Facebook.
There's Nothing New in the '.duhust Extension' Ransomware Attack
The corrupted email messages used to deliver the '.duhust Extension' Ransomware will include a corrupted DOCX document. Although DOCX files are not considered threatening (they are, after all, Microsoft Word documents), the corrupted file used to deliver the '.duhust Extension' Ransomware will have macros enabled, and these corrupted macros allow the '.duhust Extension' Ransomware to be downloaded and installed while bypassing the victim's security software. The '.duhust Extension' Ransomware carries out a typical ransomware attack, encrypting the victim's data. The '.duhust Extension' Ransomware gets its name from the '.duhust' extension that it adds to the name of each file it encrypts. The '.duhust Extension' Ransomware uses a modified open source AES-256 encryption algorithm to generate a private key that is sent to the '.duhust Extension' Ransomware's Command and Control server, controlled by the people responsible for the attack. Without access to this private key, the files that have been compromised by the '.duhust Extension' Ransomware are no longer recoverable.
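The delivery method described above can be checked at the mail gateway or on a quarantined attachment. The following is an added example, not code from the original page or from EnigmaSoft: it inspects an Office Open XML file for VBA macro parts and flags a '.docx' name on macro-bearing content. The function names and the in-memory sample documents are constructed for illustration.

```python
import io
import zipfile

# OOXML content types (lower-cased) that signal VBA macro content.
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroenabled.main+xml"
VBA_PART_TYPE = "application/vnd.ms-office.vbaproject"

def macro_indicators(data):
    """Return the reasons an OOXML (ZIP) document appears to carry VBA macros."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        types = ""
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace").lower()
    for name in names:
        if name.lower().endswith("vbaproject.bin"):
            reasons.append("VBA project part present: " + name)
    if MACRO_MAIN_TYPE in types:
        reasons.append("main part is declared macro-enabled")
    if VBA_PART_TYPE in types:
        reasons.append("content types declare a vbaProject part")
    return reasons

def triage(filename, data):
    """Classify an attachment as 'not-ooxml', 'clean', 'macro' or 'mismatch'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-ooxml"  # legacy .doc or another format: needs a different parser
    if not macro_indicators(data):
        return "clean"
    # A .docx name on macro-bearing content is the disguise described above.
    return "mismatch" if filename.lower().endswith(".docx") else "macro"

def build_sample(with_macro):
    """Build a minimal OOXML-shaped ZIP in memory (constructed data, no real macro)."""
    overrides = ('<Override PartName="/word/document.xml" ContentType="application/'
                 'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_macro:
            overrides += ('<Override PartName="/word/vbaProject.bin" '
                          'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
        zf.writestr("[Content_Types].xml", "<Types>" + overrides + "</Types>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

if __name__ == "__main__":
    for name, macro in [("invoice.docx", True), ("notes.docx", False)]:
        print(name, triage(name, build_sample(macro)))
```

A 'mismatch' or 'macro' result is a reason to hold the attachment for review, not proof of infection; legacy binary .doc files return 'not-ooxml' and need a separate check.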
The Aftermath of a '.duhust Extension' Ransomware Attack
The '.duhust Extension' Ransomware will encrypt numerous file types. The '.duhust Extension' Ransomware can encrypt data on all local drives, as well as on shared drives and removable memory devices connected to the victim's computer. The '.duhust Extension' Ransomware will target audio, video, text, spreadsheet, database, and other file types. The files encrypted by the '.duhust Extension' Ransomware will be under 50 MB in size, allowing the '.duhust Extension' Ransomware to carry out its encryption quite quickly and before the victim can react and stop the attack.
Unfortunately, once the victim's files have been encrypted, they are not recoverable without the decryption key, which will cost the victims 1 Bitcoin (approximately $740 USD at the current exchange rate). There are several reasons why PC security analysts do not recommend that victims pay the '.duhust Extension' Ransomware's ransom:
- Research has shown that con artists might ignore the victims or demand additional ransom payments rather than provide the decryption key to recover from a '.duhust Extension' Ransomware attack.
- In many cases, the decryption key provided after a '.duhust Extension' Ransomware attack will simply not work, leaving the victim in a worse situation than before.
- Paying the '.duhust Extension' Ransomware ransom allows the people responsible for this attack to continue to develop and distribute this and other variants of this threat.
Instead, PC security analysts advise computer users to back up their files regularly, so that they can recover from an attack by restoring the files from the backup after deleting the '.duhust Extension' Ransomware infection itself.