The .dutan ransomware is a dangerous new virus threat which has been confirmed to be a new release of the STOP family of viruses. It is probably being released by a new criminal collective which has probably ordered the customization on the dark underground markets. As it is based on an already known base engine we anticipate that the made changes will not differ so much from other samples of the same family.
In order for the .dutan ransomware samples to be spread against the intended victims the most popular hacking tactics will be used. One of them depends upon the coordination of large-scale phishing email messages which are sent in bulk. They pose as legitimate notifications that have been sent in by well-known services and may include attached files or scripts that when interacted with will lead to the relevant infection.
A similar mechanism is the creation of malware sites which are hosted on domain names that sound similar to well-known pages: download portals, search engines and landing pages. To make them appear as more legitimate they will include self-signed or stolen security certificates.
The virus infections can also be caused via the inclusion of the relevant code in payload carriers — dangerous files that host the malware installation code. This can be acquired through the interaction with malware documents including databases, presentations, spreadsheets and text documents. Likewise a similar strategy is used with application installers — popular end-user software setup files will be created by the hackers. When they are opened alongside the applications the .dutan ransomware will also be deployed.
Note that browser hijackers are also widely used to spread threats. They are uploaded using fake user reviews and developer credentials to the relevant repositories of the most famous web browsers.
As soon as the infection is made a series of dangerous actions will follow. They can run as part of the typical execution plan of the virus threat or they can be set individually depending on local conditions. All of this depends on the exact instructions that have been set in by the criminals. Usually the most common components that are run include the following:
- Data Information Gathering — The engine can be used to acquire sensitive information both about the users and the infected machines. When the information is acquired by this component it can be used for various crimes such as financial abuse and identity theft. The machine information can be used by a built-in algorithm in order to create an unique signature for each affected computer.
- Security Bypass — This is often the next module that is run in the sequence. It will use the hijacked information in order to search for any applications that may block the proper malicious infection. Usually this includes common threats such as anti-virus programs, firewalls, virtual machines and sandbox environments.
- System Changes — Dangerous modifications to the computers can take place including boot modifications. This means that the relevant engine will be launched as soon as the computer is powered on. In addition it can also lead to Windows Registry changes — new strings can be created for the .dutan ransomware and already existing ones can be modified. This usually leads to performance issues, data loss and unexpected errors.
- Further Malware Delivery — The made infections can be used to deploy other threats to the infected machines. Popular choices include miners, Trojans and hijackers.
When all modules have finished running the actual file encryption will start. A s strong cipher will be used to affect target user data, in most cases the most common extensions will be processed: images, music, videos, documents, databases, archives and etc. All of them will be renamed with the associated .dutan extension. A companion ransomware note will be created in order to coerce the victims to pay the hackers a decryption fee.
|Short Description||The ransomware encrypts files on your computer machine and demands a ransom to be paid to allegedly restore them.|
|Symptoms||The ransomware will blackmail the victims to pay them a decryption fee. Sensitive user data may be encrypted by the ransomware code.|
|Distribution Method||Spam Emails, Email Attachments|
|Detection Tool|| See If Your System Has Been Affected by .dutan Ransomware |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss .dutan Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
.dutan Ransomware – Update
The good news for all victims of STOP .dutan ransomware is that the security researcher Michael Gillespie has found a flaw in the code of this variant and released an updated version of his STOP ransomware decrypter.
So the moment you remove all malicious files and objects from your infected system you can enter our data recovery guide where you will find a download link for the free .dutan decryption tool and learn how to proceed with the decryption process.
Have in mind that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of .dutan ransomware infections.
.dutan Ransomware – What Does It Do?
.dutan Ransomware could spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the Internet. .dutan Ransomware might also distribute its payload file on social media and file-sharing services. Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Read the tips for ransomware prevention from our forum.
.dutan Ransomware is a cryptovirus that encrypts your files and shows a window with instructions on your computer screen. The extortionists want you to pay a ransom for the alleged restoration of your files. The main engine could make entries in the Windows Registry to achieve persistence, and interfere with processes in Windows.
The .dutan Ransomware is a crypto virus programmed to encrypt user data. As soon as all modules have finished running in their prescribed order the lockscreen will launch an application frame which will prevent the users from interacting with their computers. It will display the ransomware note to the victims.
You should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that.
The .dutan Ransomware cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:
→vssadmin.exe delete shadows /all /Quiet
If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.
Remove .dutan Ransomware
If your computer system got infected with the .dutan Files ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.