Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • System crashes
  • Slow Computer

Dutan Ransomware

Dutan Ransomware is an encryptor, and once it corrupts your personal files, you might be unable to recover them. According to our research team, a free decryption tool created by malware researchers might exist, but it has not been effective with some of the more recent infections from the STOP Ransomware family, and so we cannot guarantee that you will be able to use it successfully. Of course, it is worth taking a chance if all of your personal files were corrupted, but you must be cautious. We have the same advice for the victims of Zatrov Ransomware, Vesrato Ransomware, Cetori Ransomware, and all other malicious infections from the STOP family. It is likely that the same attacker stands behind most – if not all – of these threats, but other parties could be involved as well. Ultimately, the creator is unknown, and so it is likely that we will keep seeing new threats from this family emerging. Of course, all of them must be deleted, and if you keep reading, you will learn how to remove Dutan Ransomware.

Just like all other threats from the same family, Dutan Ransomware is likely to exploit RDP vulnerabilities and spam emails to spread. When it comes to unpatched vulnerabilities, they can be used silently, but when it comes to spam, you are tricked into executing the infection yourself. Needless to say, we strongly advise updating your system and software, as well as keeping away from suspicious email messages, especially the ones with strange links and attachments. If you are not vigilant, the devious Dutan Ransomware can slither in without your notice, and once it is in, it can encrypt files and add the “.dutan” extension to their names. It is unknown if the threat goes through specific directories to corrupt files, but, most likely, it looks for files with certain extensions all over your operating system. When files are encrypted, they cannot be read, and if STOPDecrypter does not work, it is unlikely that you can recover your personal files at all. Needless to say, if you have backups stored someplace safe – for example, on an external drive – you can delete the corrupted files and use backups as replacements.

Although it is unlikely that decryption of your personal files is possible, the attackers behind Dutan Ransomware do not want you to know this. A file named “_readme.txt” is created everywhere, and you cannot miss it. The message inside informs that you can employ a “decrypt tool” to have your files restored, but this tool costs $490 (or $980 after three days), and that is a lot of money to put on the line. Furthermore, to pay the ransom, you need to communicate with the attackers via Telegram (@datarestore) or email (,, and this could put you at risk too. At the end of the day, cybercriminals are completely unpredictable, and even though they promise to give you a decryptor now, they could change their minds once the money is in their pockets. Unfortunately, that is the issue that the victims of ransomware usually face, and since most victims end up losing money for no reason, we do not recommend paying the ransom. If you are determined to go along with attackers’ demands, at least exhaust all options (e.g., backups or free decryptors) before you commit to anything.

The instructions you can see below show how to delete Dutan Ransomware manually, but, as you can see, the names of the files and the folders containing them are random, and so we cannot guarantee that you will be able to delete the malicious components. The last thing you want is to end up removing something harmless or essential for your operating system. Therefore, if you are not sure you can remove Dutan Ransomware manually, we advise installing a trusted anti-malware program. This program should be able to automatically remove all malicious threats as well as secure your operating system in the future. If your system is protected, your chances of facing new threats will decrease. Of course, you need to be more careful too because cybercriminals could come up with new ways to expose you to malware. This is why you also want to have backups of your personal files. Although reliable security software should protect you, creating backups will give you peace of mind.

Dutan Ransomware Removal

  1. Delete every single copy of the file named _readme.txt.
  2. Tap Win+R to access Run and then enter regedit into the dialog box to access Registry Editor.
  3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Delete the value named SysHelper if the value data points to a malicious .exe file (check steps 6-7).
  5. Tap Win+E keys to access Windows Explorer.
  6. Enter %LOCALAPPDATA% (or %USERPROFILE%\Local Settings\Application Data\) into the quick access field.
  7. Delete a [random name] folder with a malicious [random name].exe file inside.
  8. Enter %WINDIR%\System32\Tasks\ into the quick access field.
  9. Delete the task created by the infection named Time Trigger Task.
  10. Empty Recycle Bin.
  11. Install a trusted malware scanner and use it to perform a thorough system scan.
Download Spyware Removal Tool to Remove* Dutan Ransomware
  • Quick & tested solution for Dutan Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.