Chuk Ransomware Description
The Chuk Ransomware is another crypto locker based on the ever-expanding Dharma family of ransomware threats. It behaves in a typical ransomware manner - once inside the targeted computer, it locks the user's files with a combination of cryptographic algorithms. Encrypted files are no longer accessible. The criminals then leave a 'ransom note' with instructions for their victims on how to contact them and ways to send payment in exchange for the decryption key.
When the Chuk Ransomware encrypts a file successfully, it modifies the original filename heavily. First, it adds an alphanumeric string representing the unique ID of the victim; then, it appends one of the emails of the hackers (firstname.lastname@example.org in this case) before finally placing '.chuk' as a new extension. As for the ransom note, there are two versions of it. One is placed as a text file named 'FILES ENCRYPTED.txt' in every folder containing locked data, while the other is displayed in a pop-up window generated by the Chuk Ransomware.
The instructions found in the text file are extremely short, merely telling the victims of the ransomware to send an email to either 'email@example.com' or 'firstname.lastname@example.org'. The pop-up window provides far more details. The hackers specify that the primary email address is 'email@example.com', while the other one should be used only if the victims receive no response within 72 hours. In a departure from what is considered the norm among Dharma Ransomware threats, the criminals behind the Chuk Ransomware do not offer their victims the chance to decrypt any files for free.
When dealing with the aftermath of a Chuk Ransomware attack, users should first and foremost remove any traces of the threat from their computers by employing a legitimate anti-malware program.
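To gauge how far the encryption spread before cleanup, the renaming scheme and the note filename described above can be used as indicators. The following is an added example, not code from the original page: it assumes the usual Dharma delimiter layout `<original name>.id-<victim ID>.[<email>].chuk`, which the page does not spell out, and the sample paths, ID and address are constructed.

```python
import os
import re
from collections import Counter

NOTE_NAME = "files encrypted.txt"  # ransom note name from the page, lower-cased
# ASSUMPTION (usual Dharma layout; the page does not give the delimiters):
#   <original name>.id-<victim ID>.[<contact email>].chuk
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\]\s]+)\]\.chuk$",
    re.IGNORECASE)

def triage(paths):
    """Summarise Chuk indicators found in an iterable of file paths."""
    encrypted, unparsed, per_dir = [], [], Counter()
    victim_ids, emails, note_dirs = set(), set(), set()
    for path in paths:
        folder, name = os.path.split(path)
        if name.lower() == NOTE_NAME:
            note_dirs.add(folder)
        elif name.lower().endswith(".chuk"):
            per_dir[folder] += 1
            m = RENAMED.match(name)
            if m is None:
                unparsed.append(path)  # has the extension, not the assumed layout
                continue
            encrypted.append((path, m["original"]))  # keep the pre-attack name
            victim_ids.add(m["victim_id"])
            emails.add(m["email"].lower())
    return {
        "encrypted": encrypted, "unparsed": unparsed,
        "victim_ids": victim_ids, "emails": emails,
        "locked_per_dir": dict(per_dir),
        # locked files but no note: differs from the behaviour described above
        "dirs_without_note": set(per_dir) - note_dirs,
    }

def list_files(root):
    """Yield every file path under root (e.g. a read-only mounted image)."""
    return (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)

# Constructed sample listing (ID, address and paths are made up)
SAMPLE = [
    "/srv/share/finance/report.xlsx.id-1E857D00.[contact@example.test].chuk",
    "/srv/share/finance/FILES ENCRYPTED.txt",
    "/srv/share/hr/staff.docx.id-1E857D00.[contact@example.test].chuk",
    "/srv/share/hr/notes.chuk",
    "/srv/share/public/readme.txt",
]
```

Call `triage(SAMPLE)` to see the report shape, or `triage(list_files(root))` against a mounted copy of the affected volume. More than one victim ID or contact address in the result points to separate infections rather than a single run.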
The content of the text files dropped by the Chuk Ransomware is:
'all your data has been locked us
You want to return?
write email firstname.lastname@example.org or email@example.com'
The note displayed in the pop-up window is:
'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link: email firstname.lastname@example.org YOUR ID -
If you have not been answered via the link within 12 hours, write to us by email:email@example.com
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'