RansomCuck Ransomware

What is RansomCuck Ransomware?

RansomCuck Ransomware is a computer infection that has been developed by cyber criminals to help them extort money from users. It makes users pay money by encrypting all the personal files stored on the computer. It seems that RansomCuck Ransomware does not encrypt files at the time of writing or we had a faulty version that does not do anything; however, it is very likely that it will be fixed soon by cyber criminals and will start encrypting valuable users’ files in full swing. Have you already encountered RansomCuck Ransomware? If so, you need to remove it from your computer as soon as possible regardless of whether it has encrypted your files or not. We cannot promise that it will be easy to eliminate it, but you still need to erase it no matter what. The removal of this infection is not an easy task for one simple reason – it blocks such system utilities as Task Manager, Registry Editor, and Command Prompt by applying particular changes in the system registry. Researchers working at anti-spyware-101.com will, of course, explain to you how to get rid of it in this article, but you should first find out more about it before turning to its deletion.

What does RansomCuck Ransomware do?

Like any other ransomware infection, the properly-working version of RansomCuck Ransomware should encrypt personal files it finds on the computer and then demand a ransom. As our researchers have managed to find out, it opens the window with the ransom note on Desktop and creates the RansomCuck.txt file. They should both explain to users what has happened to their files and what they can do about that. Also, users who read them will quickly find out that they have to pay a certain amount of money for the decryption tool. Do you see a message on your Desktop too? If that message does not differ from the one you see below, we can assure you that you have encountered RansomCuck Ransomware:

All files including videos, photos and documents on your computer have been encrypted by this software.

Encryption was produced using a unique key specific to your computer. The only way to obtain your files back is to decrypt them using the unique key specific to your computer.

Your unique key is stored on a TOR server which will automatically destroy itself after 2 weeks. After that, no one will be able to restore your files.

If this program is altered in any way without ransom being payed, your files will be lost forever. A file has been created on the desktop with the exact same instructions.

Your files will be automatically decrypted once the payment is received.

Even though it is said that it will be impossible to unlock files after 2 weeks, you should not hurry to pay money to cyber criminals because your files might not be encrypted at all. You should find out that first: close the window and then take a look at your personal files. If they have the new filename extension .encrypt, unfortunately, it means that this threat has really encrypted them. Of course, this does not mean that you have to make a payment for the decryptor. To be frank, users who decide to pay money risk losing their files because cyber criminals often do not even bother sending the decryptor to users after they receive the payment. Of course, they will not give your money back either. If you decide not to take a risk, you can try to decrypt your files with a free tool after the deletion of RansomCuck Ransomware. We cannot guarantee that this will work for you, but it is better than doing nothing.

As you already know, RansomCuck Ransomware blocks the so-called system files, e.g. cmd.exe, taskmgr.exe, and regedit.exe, the second it enters the computer. If you download the tool for editing the system registry (you will not be allowed to open the registry editor in any other way), you could find the Values DisableRegistryTools and DisableTaskMgr in HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System. Also, you will find the DisableCMD Value in HKCU\Software\Policies\Microsoft\Windows\System. The original names of these Values are not the only thing changed by this ransomware infection. If you look closer at the Value data line, you will see the line 0x00000001 (1). There is no doubt that the Value data has been modified by this infection too because the original one is 0x00000000 (0). You will have to undo those changes yourself to enable system utilities. Do not worry; we will help you with that because we understand that not all users have a broad knowledge of the system registry.

Where does RansomCuck Ransomware come from?

You are lucky if you have encountered a version of RansomCuck Ransomware that does not communicate with its C&C server and, as a consequence, does not encrypt files; however, we are sure that this threat will be fixed in the future. On top of that, there are hundreds of other dangerous ransomware infections on the web these days. Therefore, our security specialists highly recommend installing a reputable security tool on the computer. It will protect your system from all kinds of dangers; however, you need to be careful yourself too. We suggest, at least, ignoring spam emails you receive because ransomware infections are often spread as legitimate-looking attachments in them.

How to delete RansomCuck Ransomware

It will not be easy to delete this ransomware from the system manually because you first need to download the tool for editing the system registry from the web and only then undo the changes it has made. Of course, you can delete RansomCuck Ransomware automatically too with the help of SpyHunter if you do not feel like eliminating it manually. It will enable the Task Manager and the Registry Editor for you and will delete the ransomware fully; however, you will have to fix the CMD yourself. You will find out how to do that if you check the manual removal guide provided below this article. Just scroll down!

The manual RansomCuck Ransomware removal guide

  1. Download and install the external tool for editing the registry.
  2. Open HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  3. Locate DisableRegistryTools and DisableTaskMgr Values having the Value data 0x00000001 (1).
  4. Delete them both.
  5. Go to HKCU\Software\Policies\Microsoft\Windows\System.
  6. Remove the DisableCMD Value.
  7. Move to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run.
  8. Delete the RW value completely.
  9. Close the tool.
  10. Tap Ctrl+Shift+Esc to open the Task Manager.
  11. Click on the Processes tab to open it.
  12. Kill the process of the ransomware by right-clicking on it and selecting End Process.
  13. Find and delete the executable file of the ransomware.
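
Steps 2 to 8 of the guide, as an added PowerShell example (not part of the original article or of any vendor tool). It assumes PowerShell can still be started on the affected machine and is run under the affected user's account; the script name in the comment is hypothetical.

```powershell
# Added example: audit (default) or remove the registry values named in the guide.
# Usage: .\Check-RansomCuckKeys.ps1            (report only)
#        .\Check-RansomCuckKeys.ps1 -Remove    (delete what is found)
# The HKLM Run entry can only be removed from an elevated session.
param([switch]$Remove)

# Key paths and value names are taken from the article's removal steps.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$targets = @(
    @{ Path = $policyKey; Name = 'DisableRegistryTools' },
    @{ Path = $policyKey; Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'RW' }
)

foreach ($t in $targets) {
    # The Wow6432Node key is absent on 32-bit Windows, so check before reading.
    if (-not (Test-Path -LiteralPath $t.Path)) {
        Write-Output ("absent key : {0}" -f $t.Path)
        continue
    }

    $props = Get-ItemProperty -LiteralPath $t.Path -Name $t.Name -ErrorAction SilentlyContinue
    if ($null -eq $props) {
        Write-Output ("clean      : {0}\{1}" -f $t.Path, $t.Name)
        continue
    }

    # Print the data before deleting anything. For the Run value this is the
    # command line launched at logon, which is what step 13 needs to locate.
    $data = $props.($t.Name)
    Write-Output ("FOUND      : {0}\{1} = {2}" -f $t.Path, $t.Name, $data)

    if ($Remove) {
        try {
            Remove-ItemProperty -LiteralPath $t.Path -Name $t.Name -ErrorAction Stop
            Write-Output ("removed    : {0}" -f $t.Name)
        } catch {
            Write-Output ("FAILED     : {0} ({1})" -f $t.Name, $_.Exception.Message)
        }
    }
}
```

Run it once without `-Remove` and note the data printed for the RW value before deleting it. If the elevated session belongs to a different account than the affected user, the HKCU checks read that account's hive instead.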