CuteRansom Ransomware

There is nothing cute about CuteRansom Ransomware. It is better known as YuAlock Ransomware, but both names come from the creator of the infection. The first name is found in the infection’s code, while the second one is represented via the ransom note that is created after the encryption of files. Yes, this malware encrypts files, and that is bad news. If it succeeds at this basic task, it is possible that nothing could be done to resolve the encryption. Our research team tested two different samples of this threat in the internal lab, and both worked slightly differently. Also, neither of them worked exactly as expected, and it is likely that this malware is still in development. Nonetheless, we should not wait to see what happens. In fact, it is best to prepare yourself and the operating system against the potential attack of this threat. Whether you are just taking security measures, or you need to remove CuteRansom Ransomware, you should continue reading.

Spam emails are commonly used by many attackers to spread malware, and they could be used by the attackers behind CuteRansom Ransomware as well. Unsafe RDP connection, system vulnerabilities, and backdoors opened by malicious bundled downloaders could be exploited as well. If you do not catch and delete the infection right when it attacks, it should encrypt files. The infection has 162 targets – these are different types of files with different extensions – and it also is set to scramble the names and attach a unique extension. Our analysis has revealed that the extension added is “.6db8.” So, for example, a file named “example.jpg” could look something like “abC1dEF#Gh=i.6db8.” While it does not really matter whether or not your files have original names – because you are unlikely to decrypt them anyway – it certainly can be easier to assess the damage. This could be useful in case some of your files are backed up, for example. If your files are backed up, you should not postpone the removal of the infection for any longer. Delete CuteRansom Ransomware and then access your files via backup.

After encryption, CuteRansom Ransomware creates D_E_C_R_Y_P_T.txt, which delivers a short message. According to it, all files are encrypted by YuAlock (hence the YuAlock Ransomware name) and the victim needs to send an email message for recovery. This is how most file-encrypting infections operate, including M@r1a Ransomware, EnybenyCrypt Ransomware, and SymmyWare Ransomware. The strange thing is that, according to the message, a payment in return for a decryptor is not required. Instead – the message states – one needs only to send an email and smile. This does not make any sense; especially since the tested sample did not reveal an email address at all. Besides this file, CuteRansom Ransomware also creates sendBack.txt, secret.txt, secretAES.txt and data recive files. At the time of research, only the latter one provided information that made sense, and that was the victim’s computer name. Needless to say, we recommend that you delete all of these files too. Luckily, their removal should be the easiest task.

We hope that CuteRansom Ransomware does not spread actively, but since that is a possibility, we need to discuss the removal of this malicious threat. Whether you recognize it by this name or as YuAlock Ransomware, you have to act quickly. Deleting CuteRansom Ransomware manually should not be too difficult if you can correctly identify and delete the launcher .exe file. We cannot reveal its location or name because that is personal to every case and every victim. If you cannot find the infection yourself, there are tools that could help you. Note that fictitious and even malicious anti-malware software exists, which is why you must be cautious. Install software you can trust if you want it to serve you beneficially. Once your operating system is clean, you also need to take care of security, and that is another thing you can get from using trusted anti-malware software. You also want to remember to back up files because if copies exist, you will not need to deal with loss ever again.

CuteRansom Ransomware Removal

1. Delete all recently downloaded suspicious files.
2. Delete the files created by the infection: D_E_C_R_Y_P_T.txt, data recive, secret.txt, secretAES.txt, sendBack.txt.
3. Empty Recycle Bin.
4. Install a malware scanner.
5. Run a full system scan.
6. If leftovers are found, remove them ASAP.