
CuteRansom Ransomware

Posted: November 7, 2018

The CuteRansom Ransomware is a file-locker Trojan that uses encryption to block access to personal and workplace content, such as documents or pictures. This threat may generate a visible Command Prompt while its encryption routine runs, make significant changes to filenames, and create ransom notes asking that you e-mail the threat actor. Have a traditional anti-malware program safely uninstall the CuteRansom Ransomware after an attack, and recover your files from their last backups, if need be.

A Trojan's Cute Idea of What to Do with Your Files

A file-locker Trojan that's still in development is showing attacks with symptoms similar to those of the English-language side of the Scarab Ransomware family, although there's no evidence of a definitive relationship. Unlike that Ransomware-as-a-Service family, the CuteRansom Ransomware currently asks for no ransom money and, in theory, will unlock the victim's files for free once the victim contacts the threat actor. However, because its encryption method is secure, malware analysts recommend against presuming that the CuteRansom Ransomware's unlocking help will remain free.

The CuteRansom Ransomware is Windows-based. After registering a Mutex and making other standard system changes, it launches a data-encrypting routine that targets media files in locations such as the user's desktop. The builds that malware analysts have available load visible CMD prompts while doing so, which may mean that the threat actors plan on launching the Trojan manually through RDP-style attacks. Alternately, they may remove this UI element from the 'release' version of the program.

Along with locking each file with both AES and RSA encryption, the CuteRansom Ransomware runs the filenames through a Base64-based conversion sequence that turns them into pseudo-random characters and gives them new extensions as well. Some versions of the CuteRansom Ransomware stop at this point, while at least one variant also creates a Notepad file with its only demand: that victims contact the threat actor over e-mail for a free decryption solution.
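As an added example (not code from this write-up or from any analysis tooling), the Python triage helper below looks for the rename pattern described above in a directory listing: a stem that decodes from Base64 into a plausible filename, followed by an appended extension, with a folder flagged once enough of its files match. It assumes the Trojan's "Base64-based conversion" is plain Base64 of the original name, which the write-up does not confirm, uses a placeholder `.locked` extension because the real one is not given, and works on a constructed sample listing.

```python
import base64
import binascii
import re
from typing import List, NamedTuple, Optional, Tuple

# Stand-in for the extension the Trojan appends; the write-up does not
# give the real one, so this value is a placeholder, not an indicator.
APPENDED_EXT = ".locked"

_B64_STEM = re.compile(r"^[A-Za-z0-9+/_-]+={0,2}$")
# What a decoded stem must look like to count as a recovered original name.
_ORIGINAL_NAME = re.compile(r"^[\w .,()\[\]-]+\.[A-Za-z0-9]{1,5}$")


class Hit(NamedTuple):
    encoded: str   # filename as found on disk
    original: str  # plausible pre-rename filename


def recover_original(filename: str) -> Optional[str]:
    """Return the plausible pre-rename name if `filename` is a Base64
    stem plus the appended extension, or None for anything else."""
    if not filename.endswith(APPENDED_EXT):
        return None
    stem = filename[: -len(APPENDED_EXT)]
    if not _B64_STEM.match(stem) or len(stem) % 4:
        return None
    try:
        # Accept both the standard and the URL-safe Base64 alphabets.
        raw = base64.b64decode(stem.replace("-", "+").replace("_", "/"), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # Base64-looking stem that is not an encoded name
    return text if text.isprintable() and _ORIGINAL_NAME.match(text) else None


def scan_listing(names: List[str], min_hits: int = 3,
                 min_ratio: float = 0.5) -> Tuple[bool, List[Hit]]:
    """Flag a folder when enough of its files look mass-renamed this way."""
    hits = [Hit(n, o) for n in names if (o := recover_original(n))]
    suspicious = len(hits) >= min_hits and len(hits) / max(len(names), 1) >= min_ratio
    return suspicious, hits


# Constructed directory listing (not from a real infection): three renamed
# files plus untouched files that must not be flagged.
SAMPLE_LISTING = [
    "cGhvdG8uanBn" + APPENDED_EXT,      # photo.jpg
    "bm90ZXMudHh0" + APPENDED_EXT,      # notes.txt
    "YnVkZ2V0Lnhsc3g=" + APPENDED_EXT,  # budget.xlsx
    "readme.md",                         # no appended extension
    "data" + APPENDED_EXT,               # valid Base64 chars, decodes to non-text
]
```

Calling `scan_listing(SAMPLE_LISTING)` flags the folder and maps the three encoded names back to photo.jpg, notes.txt and budget.xlsx, while the two untouched entries are ignored; the recovered names are what lets a defender match encrypted files against their backup copies.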

Keeping Threatening Software from Being Cute with You

Although the CuteRansom Ransomware's payload design implies that it's nothing more threatening than a bad joke or a prank, its encryption is as secure as that of similar threats with, typically, commercial intentions, such as Hidden Tear or the Globe Ransomware. Users without backups should always create copies of their encrypted media before testing whether any of the various free decryption utilities can recover them. Since recovery that way remains uncertain, malware researchers encourage keeping backups of all of your content on another, secure device.

The CuteRansom Ransomware is in the earliest stages of its development, despite already having an effective encryption method available to it. Malware researchers' best estimates of the infection techniques it may use in its campaign include attachments in e-mail spam, mislabeled torrents and free website downloads, brute-force attacks against the accounts of server administrators, and browser-based threats like the Fallout Exploit Kit and the Nebula Exploit Kit. A combination of anti-malware software for removing the CuteRansom Ransomware on sight, strong passwords, and up-to-date software will defend against most of these attacks.

The multi-layer encryption that the CuteRansom Ransomware uses is one of the most prominent techniques for making data unreadable, usually temporarily. However, since the decryption code remains in the hands of an unknown threat actor, PC owners shouldn't assume that unlocking their files will always be free or even possible.
