Dutan Ransomware

What is Dutan Ransomware?

Have you ever heard of Dutan Ransomware? If you are reading this entry, you are probably looking for more information on it. This program is a malicious computer infection that has been created to rip you off. The program requires you to pay a ransom fee if you want to retrieve your encrypted files. Computer security experts maintain that paying the ransom will not solve anything, and you would only give your money away to cybercriminals. Focus on removing Dutan Ransomware from your computer, so that you can look for file recovery options as soon as possible.

Where does Dutan Ransomware come from?

Dutan Ransomware comes from the STOP Ransomware family. As such, the program is similar to Cetori Ransomware, Pedro Ransomware, Banta Ransomware, and several other programs. Even their ransom notes share the same text, so we can assume that most of these programs are created and released on a copy-and-paste basis. That is to say, their code is practically the same, and only a few things are tweaked to make them look slightly different. This is a good thing in a way because when ransomware programs are so similar, it is often possible to apply the same public decryption tool across several infections.

However, our research team has found that the same decryption tool can be applied to Dutan Ransomware only if the files were encrypted using an offline key. Otherwise, users need to look for another way to restore their files.

Now, as far as the distribution of this infection is concerned, it is actually possible to avoid getting infected with ransomware if you are careful about the files you download. Sometimes it might be hard to determine whether the file you are about to open is safe or not. For that, you can always scan it with a security tool before you launch it.

Also, Dutan Ransomware and other similar infections often come via spam email attachments. It means that users download and open those files themselves, and that usually happens because the files in question look like regular documents that we open every single day. For example, if you receive an invoice from an online store, you might open it with no questions asked, right? But what if you haven’t been expecting this invoice? What if it is random? Always double-check whether you have really been expecting a certain document before opening it, because that document might be a direct route to a ransomware infection.

What does Dutan Ransomware do?

As you can probably tell, this program encrypts target files across several directories. Once the files are encrypted, all the affected files receive a new extension. For example, a flower.jpeg filename will look like flower.jpeg.dutan once the encryption is complete. Technically, you do not need this extension to tell which files were encrypted, because the file icon changes automatically once the system can no longer read the file.

After that, Dutan Ransomware also drops ransom notes in every single folder that contains encrypted files. The ransom note is a TXT format file, and here’s an extract from it:

ATTENTION!

Don’t worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method recovering files is to purchase decrypt tool and unique key for you.
<…>
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.

As mentioned, you CAN restore your data with a public decryption tool for STOP Ransomware if Dutan Ransomware used an offline decryption key. If not, you can still restore your files from a file backup, especially if you regularly save your files in an external hard drive or some other storage.

How do I remove Dutan Ransomware?

You can delete Dutan Ransomware manually, but manual removal might be quite burdensome, so you can also acquire a legitimate antispyware tool that will terminate this infection for you automatically. Aside from removing the ransomware program, you need to consider creating a file backup once your computer is clean. Also, learn more about ransomware infection distribution networks, so that you can avoid them in the future.

Manual Dutan Ransomware Removal

  1. Remove the most recently downloaded files.
  2. Press Win+R and enter regedit. Press OK.
  3. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. On the right pane, right-click the SysHelper value and choose Delete.
  5. Use the Win+R command and go to %AppData% and %LocalAppData% folders.
  6. Remove a folder with a random alpha-numeric filename.
  7. Use Win+R to open the %WinDir% directory.
  8. Navigate to System32\Tasks and remove the Time Trigger Task.
  9. Use SpyHunter to scan your system.
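
The checks behind steps 2 to 8, as a read-only PowerShell audit. This is an added example, not part of the original guide: it only reports what it finds in the locations the steps name, plus a count of .dutan files. The folder-name pattern is an assumed heuristic for "random alpha-numeric" and will also flag some legitimate folders.

```powershell
# Read-only audit of the locations named in the manual removal steps.
# Nothing is deleted; review each finding before removing it by hand.
# HKCU, %AppData% and %LocalAppData% belong to the account running the script,
# so run it as the affected user; the Tasks folder may need elevation to read.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Check, $Item, $Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail })
}

# Steps 2-4: the SysHelper value under the per-user Run key
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'SysHelper' -ErrorAction SilentlyContinue
if ($run) { Add-Finding 'Run value' "$runKey\SysHelper" $run.SysHelper }

# Steps 5-6: folders with random-looking names in %AppData% and %LocalAppData%.
# Heuristic (assumption): 8+ letters/digits/hyphens containing both a letter
# and a digit. Expect false positives; check the creation time of each hit.
foreach ($base in $env:APPDATA, $env:LOCALAPPDATA) {
    Get-ChildItem -LiteralPath $base -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^[0-9A-Za-z-]{8,}$' -and
                       $_.Name -match '\d' -and $_.Name -match '[A-Za-z]' } |
        ForEach-Object { Add-Finding 'Random-looking folder' $_.FullName "created $($_.CreationTime)" }
}

# Steps 7-8: task definition file under %WinDir%\System32\Tasks.
# The wildcard matches both the "Triger" and "Trigger" spellings of the name.
$taskDir = Join-Path $env:WinDir 'System32\Tasks'
Get-ChildItem -LiteralPath $taskDir -File -Filter 'Time Tri*ger Task' -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'Scheduled task' $_.FullName "modified $($_.LastWriteTime)" }

# Scope of the damage: files carrying the .dutan extension in the user profile
$enc = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force `
            -Filter '*.dutan' -ErrorAction SilentlyContinue)
if ($enc.Count) {
    Add-Finding 'Encrypted files' $env:USERPROFILE "$($enc.Count) file(s) ending in .dutan"
}

if ($findings.Count) { $findings | Format-List }
else { 'None of the listed artifacts were found.' }
```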