PLUT Ransomware

The PLUT Ransomware is linked to the Dharma Ransomware family of file-lockers closely – unfortunately, this also means that none of its victims will get access to a free decryption tool, and they may need to rely on alternative data recovery options that are not always fully successful. The only way to undo all the damage the PLUT Ransomware has done to your files reliably is to restore them from a recent data backup.

This particular file-encryption Trojan may arrive at its victims via a bogus email attachment that may be disguised as a Microsoft document or as a ZIP file that contains a document. Upon execution, the macro-laced document would launch a series of commands that are meant to download, unpack and initialize the PLUT Ransomware. After this task is complete, the file-locker may need just a few minutes to seek the file formats it is meant to encrypt and lock their contents. It will rename all encrypted files by using the extension format ‘.id-.[adolfhackler@tutanota.com].PLUT.’

Currently, one of the PLUT Ransomware’s identified victims is in China, but there is no reason to believe that this is the only region that the attackers are targeting. It is strongly recommended to take all security measures to prevent threats like this from infiltrating your computer since they may end up causing potentially irreversible damage to your data.

The PLUT Ransomware also provides a ransom note that tells victims to message adolfhackler@tutanota.com for further details and payment instructions. Of course, you should not accept this offer since sending Bitcoin to the attackers may not get you anything in return. The suggestion is to use an anti-malware product to eradicate the PLUT Ransomware, and then look into the data recovery options mentioned in the first paragraph.