Kuus Ransomware

Malware analysts have identified a new data-locker that was named Kuus Ransomware. The Kuus Ransomware is not a unique threat – it is yet another copy of the STOP Ransomware. The latter is the most active ransomware family globally, so it comes as no surprise that cybercriminals continue to pump out new copies of this well-established threat.

Propagation and Encryption

The Kuus Ransomware is sure to encrypt many of the files present on your system. This is because the file-locker is programmed to go after .jpeg, .jpg, .png, .svg, .gif, .webm, .mov, .mp4, .wav, .mp3, .aac, .midi, .mid, .rar, .db, .zip, .ppt, .pptx, .doc, .docx, .txt, .pdf, .xlsx, .xls and many other filetypes. When the Kuus Ransomware locks a file, you will notice that it has added a new extension to its name. This data-locker appends a '.kuus' extension to the encrypted files' names. For example, a file, which you named 'satin-sheets.mp4,' will be renamed to 'satin-sheets.mp4.kuus.' If you are not sure how the Kuus Ransomware ended up on your computer, it is likely that you were targeted by a phishing email campaign. There are other common propagation methods, too, when it comes to the distribution of ransomware threats. Cybercriminals tend to use fake social media profiles, corrupted advertisements, torrent trackers, fraudulent software downloads, etc.

The Ransom Note

Next, the Kuus Ransomware will drop a file on the victim's desktop. The file contains the ransom message of the attackers, and its name is '_readme.txt.' These people demand to be paid a ransom fee of $980. However, they offer users who contact them within three days a 50% discount. The victims who meet the deadline will be asked to pay $490, instead of the full ransom fee. The authors of the data-locker offer two email addresses that the victim can use to contact them – ‘helpmanager@mail.ch' and ‘restoremanager@airmail.cc.' They offer the victims the decryption one file for free, as long as it does not contain any valuable data.

It is best to ignore the demands and wishes of cybercriminals. It is not advisable to pay the ransom fee as the attackers may fail to provide you with the decryptor you need. This is why you should consider obtaining a reputable, up-to-date anti-spyware solution that will remove the Kuus Ransomware from your PC in no time.