CuteRansom Ransomware

By GoldSparrow in Ransomware

The CuteRansom Ransomware is an encryption ransomware Trojan first observed on November 6, 2018. Like most encryption ransomware Trojans, the CuteRansom Ransomware is designed to make the victim's files inaccessible and then demand a ransom payment to restore access to the compromised data. Computer users are counseled to take precautions against the CuteRansom Ransomware and the many similar threats that are currently attacking computer users.

How the CuteRansom Ransomware Attack is Carried Out

The CuteRansom Ransomware makes the victim's files inaccessible by encrypting them with a strong encryption algorithm. The attack targets numerous files, which are marked with a new file extension, '.6db8', added to their names. The CuteRansom Ransomware Trojan is often delivered to victims via corrupted email attachments and online advertisements. The CuteRansom Ransomware is written using .NET and can carry out offline attacks on victims' computers. The threat targets user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The CuteRansom Ransomware demands a ransom payment to restore access to the damaged data. To do this, the CuteRansom Ransomware delivers a ransom note to the victim. This ransom note is presented as a text file named 'D_E_C_R_Y_P_T.txt'. Below is the full text of the CuteRansom Ransomware ransom note:

'Your computer file has been encrypted with YuAlock.The other Ransomware requires a bit coin, but the Ransomware only needs to send a mail to recover the file ...He's not looking at the monitor seriously. Please smile a little Ha ha ha!'

The CuteRansom Ransomware drops several other text files onto the victim's computer, named 'sendBack.txt', 'secret.txt' and 'secretAES.txt'. The contents of the CuteRansom Ransomware's ransom notes should be ignored, and the ransom demanded by the criminals responsible for the CuteRansom Ransomware attack shouldn't be paid.
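The file-system indicators described above (the '.6db8' extension added to file names and the four dropped text files) can be checked with a short triage script. This is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text; compared in lower case because
# Windows file names are case-insensitive.
ENCRYPTED_SUFFIX = ".6db8"
DROPPED_FILES = {"d_e_c_r_y_p_t.txt", "sendback.txt", "secret.txt", "secretaes.txt"}


def scan_tree(root):
    """Walk root and collect files that match the article's indicators."""
    encrypted, dropped = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower in DROPPED_FILES:
                dropped.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(lower) > len(ENCRYPTED_SUFFIX):
                encrypted.append(path)
    return {
        "encrypted": sorted(encrypted),
        "dropped": sorted(dropped),
        # The extension is appended, so stripping it gives the original name.
        "original_names": sorted(p.name[: -len(ENCRYPTED_SUFFIX)] for p in encrypted),
        # Per-directory counts show which folders need restoring from backup.
        "by_dir": Counter(str(p.parent) for p in encrypted),
    }


def build_sample(root):
    """Create a constructed sample tree (not real victim data) for an offline run."""
    root = Path(root)
    for rel in ("docs/report.docx.6db8", "docs/budget.xlsx.6DB8", "docs/notes.txt",
                "docs/D_E_C_R_Y_P_T.txt", "pics/cat.jpg.6db8", "secretAES.txt"):
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = scan_tree(build_sample(tmp))
        print(len(result["encrypted"]), "encrypted,", len(result["dropped"]), "dropped")
        for directory, count in result["by_dir"].items():
            print(f"  {directory}: {count}")
```

Names such as 'secret.txt' are common, so a dropped-file match with no '.6db8' files nearby is a weak signal on its own.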

Protecting Your Data from Threats Like the CuteRansom Ransomware

The best protection against threats like the CuteRansom Ransomware is to have backup copies of your files. These backup copies should be stored in a location the threat cannot reach, such as an external memory device or the cloud (not synchronized with the main device). Computer users who have file backups can restore the compromised files from the backup copies. Unfortunately, the CuteRansom Ransomware uses an encryption technique that is quite strong, and it may currently be impossible to restore the files encrypted by the attack without the decryption key. Therefore, prevention through the use of file backups and security software that is fully up-to-date remains the best protection.
