Threat Database Ransomware PLUT Ransomware

PLUT Ransomware

By GoldSparrow in Ransomware

Malware experts have detected a new file-locking Trojan recently. They gave it the name PLUT Ransomware, and when they studied it, it became evident that this piece of malware is not new completely, but is a variant of the widely popular Dharma Ransomware. So far, there has already been one victim confirmed, which is located in China.

It is unconfirmed, but it is believed that the PLUT Ransomware is spread via corrupted pirated software, faux updates, and spam emails that contain an infected attachment. Once the PLUT Ransomware finds its way into your PC will scan your data looking for certain file types that it is meant to encrypt. Usually, these are all the most commonly found ones such as .mp3, .jpeg, .doc, .pptx, .pdf, .png, .mov, etc. When the PLUT Ransomware locates the data it was sent after, it would start the encryption process. During this step of the attack, the data undergoes encryption and is thus rendered unusable; there will be noticeable changes in the file names too. The PLUT Ransomware, like most ransomware threats from the Dharma family, follows a certain pattern when renaming the affected files - '.id-.[].PLUT.' The next step of the PLUT Ransomware's attack is to drop the ransom note. The attackers fail to specify the sum demanded supposedly to provide the user with a decryption tool. However, an email address is provided – The victims are expected to get in touch with the attackers via email to receive instructions on how to process the payment required and how to use the decryption tool, which they are supposed to have sent to them.

You should stay away from people like the authors of the PLUT Ransomware. Such individuals are known for tricking their victims and never holding up their end of the bargain after receiving the ransom fee. Instead, you should look into downloading and installing a reputable anti-spyware tool and wipe your PC clean.

Related Posts


Most Viewed