Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

RansomCuck Ransomware

RansomCuck Ransomware may become a dangerous threat to your computer and your files, but the first version that just hit the web appears to be an unfinished product. This ransomware is based on the well-known Detox Ransomware, but for some unclear reason it fails to do its job, i.e., it does not actually encrypt your files. It is possible that a new variant will soon emerge that is more consistent and deadly, so it is best to share what we know now about this malware infection so that you can be prepared to avoid it if possible. As you may know, ransomware threats are among the most dangerous infections because they can encrypt your files, all of which you may lose in such an attack. Of course, this is all about your money; in other words, the attackers extort money from you in exchange for the decryption key, the decryption software, or both. Since this infection does not encrypt your files, you at least have a chance to restore your computer and its system security if you remove RansomCuck Ransomware right now. We are here to help you with the necessary steps, but first let us talk about what we have learned about this malware program.

The most likely way to infect your machine with this ransomware is through spam e-mails, but, of course, new versions may show up that could also spread via Exploit Kits. For this reason, you should make sure that all your browsers and drivers (e.g., Java and Flash) are updated frequently because Exploit Kits, as you can guess from the name, can exploit security holes in older versions to infect your computer. But let us see now how a spam e-mail can hurt you. Such a mail can evade your spam filter and end up in your inbox. However, not only can it deceive your filter, but it can also convince you that it is urgent and important for you to open it and to download and view the attached file. This attachment is usually disguised as an image (.jpg or .bmp) or a text document (.docm) with a macro. Running this file in fact amounts to activating RansomCuck Ransomware. You may believe that you are about to see a complaint about wrongly given credit card details, a mistaken flight booking, or a picture of an unsettled invoice, but, unfortunately, you simply initiate this attack. Although your files may not be harmed by this version, you should delete RansomCuck Ransomware immediately because this can change very soon.

We have found that this ransomware does not appear to communicate with any C&C (Command and Control) servers, which means that this infection does not encrypt any files as of yet. From the source code we assume that this malware program targets the usual image, video, database, and program files and is supposed to add the ".encrypt" extension. Once the alleged encryption is finished, the ransom note ("RansomCuck.txt") comes up on your screen. At the same time, this infection also disables the Windows Registry editor, the Command Prompt, and the Task Manager, thus making your attempt to remove RansomCuck Ransomware more difficult.

From the ransom note you learn that your files have been encrypted and that your only chance to recover them is to get the unique decryption key that is claimed to be stored on a TOR server. This key is said to be destroyed after 2 weeks if you fail to transfer the ransom fee. Probably due to the missing communication with the server, there is no amount and no Bitcoin wallet address provided in this note; therefore, it would be hard to comply with the instructions. So, in this case, there is no reason to even consider paying these crooks anything, since your files are not actually encrypted if you get hit by this first version that we tested. There is only one thing you should do: remove RansomCuck Ransomware as soon as possible.

Since this ransomware makes certain Windows Registry changes, it is a bit complicated to eliminate it. We try to explain the steps so that even inexperienced users can follow them successfully. However, if you do not feel confident about manual removal, you may want to ask a friend or go for an automated solution. First of all, you need to find and download a reliable third-party Windows Registry Editor program because your built-in editor is disabled, and so are your Task Manager and the Command Prompt. Second, you need to kill the malicious process via Task Manager and then go on to delete the malicious files and registry entries related to this attack. Please follow the instructions we have included below this article to make sure you clean your system of this annoying threat. Another, more comfortable choice is to download a trustworthy anti-malware program, such as SpyHunter, and let it do its job automatically. This security tool will also protect your system from future malware infections. If you are looking for peace of mind while surfing the web, this could be your best solution.

How to remove RansomCuck Ransomware from Windows

  1. Download and run an external Windows Registry Editor.
  2. Set the value data to “0x00000000 (0)” for the following registry value name:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (value data: "0x00000001 (1)")
  3. Press Ctrl+Shift+Esc to start up the Task Manager.
  4. Locate the malicious process and press End task.
  5. Exit Task Manager.
  6. Press Win+E.
  7. Locate and delete the downloaded malicious file.
  8. Run the external Windows Registry Editor again if you closed it or simply go back to it.
  9. Delete the “HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\RW” registry value name.
  10. Set the value data to “0x00000000 (0)” for these registry value names:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (value data: "0x00000001 (1)")
    HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD (value data: "0x00000001 (1)")
  11. Exit the editor.
  12. Restart your computer.
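
The registry part of the steps above (2, 9 and 10) can also be audited and reverted from PowerShell. The script below is an added example, not part of the original instructions; it assumes PowerShell is still usable on the affected machine, which the article does not state, and the -Remediate switch and report columns are names chosen for this example.

```powershell
# Added example (not from the original article). Audit-only by default;
# run with -Remediate from an elevated prompt to apply steps 2, 9 and 10.
param([switch]$Remediate)

# Policy values the article lists with value data 1 (steps 2 and 10).
$sys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policies = @(
    @{ Path = $sys; Name = 'DisableTaskMgr' },
    @{ Path = $sys; Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
)
# Autostart value the article says to delete (step 9).
$runKey  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$runName = 'RW'

$report = @(foreach ($p in $policies) {
    # A missing key or value yields no object; treat that as "not set".
    $item   = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    $value  = if ($item) { $item.($p.Name) } else { $null }
    $action = 'none'
    # Any non-zero data means the restriction is active.
    if ($null -ne $value -and $value -ne 0) {
        $action = 'flagged'
        if ($Remediate) {
            Set-ItemProperty -Path $p.Path -Name $p.Name -Value 0 -Type DWord
            $action = 'reset to 0'
        }
    }
    [pscustomobject]@{ Key = $p.Path; Name = $p.Name; Data = $value; Action = $action }
})

$run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) {
    $action = 'flagged'
    if ($Remediate) {
        # Writing under HKLM requires an elevated session.
        Remove-ItemProperty -Path $runKey -Name $runName
        $action = 'deleted'
    }
    # Data is the command line started at logon; it is read before deletion.
    $report += [pscustomobject]@{ Key = $runKey; Name = $runName; Data = $run.$runName; Action = $action }
}

$report | Format-Table -AutoSize -Wrap
```

Run it without arguments first and keep the report, then end the malicious process and delete its file as in steps 3 to 7 before running it again with -Remediate.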