Chuk Ransomware

Chuk Ransomware Description

The Chuk Ransomware is another crypto locker based on the ever-expanding Dharma family of ransomware threats. It behaves in a typical ransomware manner - once inside the targeted computer, it locks the user's files with a combination of cryptographical algorithms. All encrypted files will no longer be accessible. The criminals will then leave a 'ransom note' with instructions for their victims on how to contact them and ways to send payment in exchange for the decryption key.

When the Chuk Ransomware encrypts a file successfully, it modifies the original filename heavily. First, it adds an alphanumeric string representing the unique ID of the victim; then, it appends one of the emails of the hackers (tchukopchu@tutanota.com in this case) before finally placing '.chuk' as a new extension. As for the ransom note, there are two versions of it. One is placed as a text file named 'FILES ENCRYPTED.txt' in every folder containing locked data, while the other is displayed in a pop-up window generated by the Chuk Ransomware.

The instructions found in the text file are extremely short, merely telling the victims of the ransomware to send an email to either 'tchukopchu@tutanota.com' or 'tchukopchu@cock.li.' The pop-up window provides far more details. The hackers specify that the primary email address is 'tchukopchu@tutanota.com,' while the other one should be used only of the victims receive no response within 72 hours. In a departure from what is considered the norm among Dharma Ransomware threats, the criminals behind the Chuk Ransomware not to offer their victims the chance to decrypt any files for free.

When dealing with the aftermath of a Chuk Ransomware attack, users should first and foremost remove any traces of the threat from their computers by employing a legitimate anti-malware program.

The content of the text files dropped by the Chuk Ransomware is:

'all your data has been locked us

You want to return?

write email tchukopchu@tutanota.com or tchukopchu@cock.li'

The note displayed in the pop-up window is:

'YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!

If you want to restore them, follow this link: email tchukopchu@tutanota.com YOUR ID -

If you have not been answered via the link within 12 hours, write to us by email:tchukopchu@cock.li

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.