Kut Ransomware

The only family of ransomware threats that is as popular as STOP/DJVU among cybercriminals is Dharma. One of the latest threats that have been confirmed to belong to the Dharma family is Kut Ransomware. 

Kut does not deviate significantly from the standard behavior of Dharma variants. However, the threat is still extremely dangerous and can effectively lock users out of their computer systems by encrypting nearly all of their private or work files with a strong encryption algorithm. Every locked file has its name changed significantly: the threat appends to the original filename a string of characters representing the ID assigned to the particular victim, followed by an email address under the control of the hackers, and finally the specific file extension used by the Kut Ransomware. The email address is 'kuk1@tuta.io', while the extension is '.kut'. The ransom note is delivered in two separate ways: inside text files named 'FILES ENCRYPTED.txt' and in a pop-up window displayed to the victim.

The text files' instructions are extremely brief, simply telling affected users to send a message to either 'kuk1@tuta.io' or the secondary email address, 'ti7s@protonmail.ch'. The pop-up window provides a few more details, although they are not particularly useful either. The message consists mostly of warnings, such as telling victims not to rename the encrypted files or use any third-party decryption applications.

The message from the 'FILES ENCRYPTED.txt' is:

'all your data has been locked us

You want to return?

write email kuk1@tuta.io or ti7s@protonmail.ch'

The ransom note from the pop-up window states:

'YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!

If you want to restore them, follow this link:email kuk1@tuta.io YOUR ID -

If you have not been answered via the link within 12 hours, write to us by e-mail:ti7s@protonmail.ch

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
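
The renaming scheme and ransom note file name described in this entry can be checked for during incident triage. The following is an added example, not code from the original article: the `.id-<ID>.[<email>].kut` delimiter layout is an assumption based on the usual Dharma convention (the article gives only the order of the parts), and the function names and sample file names are constructed for illustration.

```python
import os
import re

# Indicators taken from the article.
CONTACT_EMAIL = "kuk1@tuta.io"
EXTENSION = ".kut"
NOTE_NAME = "FILES ENCRYPTED.txt"

# Assumption: the appended suffix uses the usual Dharma layout
# "<original name>.id-<ID>.[<email>].kut"; the article gives only the order.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)\.\["
    + re.escape(CONTACT_EMAIL) + r"\]" + re.escape(EXTENSION) + r"$",
    re.IGNORECASE,
)

def classify(filename):
    """Return (kind, original_name, victim_id) or None for one file name."""
    if filename.lower() == NOTE_NAME.lower():
        return ("note", None, None)
    match = SUFFIX_RE.match(filename)
    if match:
        return ("encrypted", match.group("original"), match.group("victim_id"))
    if filename.lower().endswith(EXTENSION):
        # Right extension but unexpected layout: keep for manual review.
        return ("suspect", None, None)
    return None

def triage(root):
    """Walk root and group hits by kind; also collect the victim IDs seen."""
    report = {"note": [], "encrypted": [], "suspect": [], "victim_ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit:
                kind, original, victim_id = hit
                report[kind].append((os.path.join(dirpath, name), original))
                if victim_id:
                    report["victim_ids"].add(victim_id)
    return report

# Constructed sample names (not taken from a real incident).
SAMPLE_NAMES = ["report.docx.id-1A2B3C4D.[kuk1@tuta.io].kut",
                "FILES ENCRYPTED.txt", "archive.kut", "notes.txt"]

if __name__ == "__main__":
    for sample in SAMPLE_NAMES:
        print(sample, "->", classify(sample))
```

The recovered original names help scope which data was affected and match it against backups, and the directories holding note files show how far the encryption spread.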