Remove Kuus ransomware

Kuus ransomware is a variant of the notorious Djvu ransomware, which has almost 250 ransomware variants in the malware family.

 

Kuus ransomware encrypts files

Kuus ransomware is the newest variant of the Djvu ransomware, which has been releasing new versions left and right. It encrypts certain files on users’ computers with the intention of forcing users to pay for their recovery. Encrypted files will have the .kuus file extension added to them, hence why this malware is known as Kuus ransomware. Once the malware is done encrypting users’ files, it will drop a ransom note in which it will demand that victims pay $980 to recover files. A 50% discount would be given to users who contact them within 72 hours.

Regardless of the requested sum, victims are always discouraged from paying the ransom. Users may forget that they are dealing with cyber criminals who should not be trusted. There are no guarantees that a decryption tool would actually be sent to victims who pay. Malware operators would be free to take the money and not send anything in return. This happens often enough that users should be aware.

Unfortunately, the only sure way to recover files is via backup. Users who regularly back up their files can start file recovery once they remove Kuus ransomware from their computers. Otherwise, backed up files could become encrypted as well.

Bad online habits often lead to a ransomware infection

Users most often infect their computers with malware by not practicing safe browsing, opening unknown email attachments, and pirating content via torrents.

Email attachments are one of the most common ways users pick up infections like ransomware. Users receive an unsolicited email in their inbox which tries to force them to open the email attachment by claiming it’s some kind of important document. Senders of these emails even pretend to be from legitimate companies, banks and goverment organizations to encourage users to open the attached file. These emails are often fairly obvious, with random email addresses and an abundance of grammar/spelling mistakes in what’s supposed to be official correspondence. Even when an unsolicited email does not ring any alarm bells, it’s still recommended to scan the attached file with anti-malware software or VirusTotal.

Malware is also often encountered on torrent websites, as they are often unregulated, meaning anyone can upload anything. It’s often torrents for popular TV shows, movies, games and software that are hiding malware, so users who download pirated content are putting their computers at risk.

Is it possible to recover Kuus ransomware encrypted files

As soon as the ransomware is initiated, it will scan the computer for certain files and encrypt them. Kuus ransomware mainly targets photos, videos, documents, etc., essentially the files users would be willing to pay for. All encrypted files will have the .kuus file extension added to them. For example,  photo.jpg would become photo.jpg.kuus. A ransom note _readme.txt will also be dropped. The note will explain that files have been encrypted and to recover them, it’s necessary for users to contact them via the provided helpmanager@mail.ch email address. Like all Djvu ransomware, Kuus also demands $980 but lowers the price to $490 if victims contact them within 72 hours.

The _readme.txt contains the below ransom note:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-UfvM0gtUDw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
helpmanager@mail.ch

Reserve e-mail address to contact us:
restoremanager@airmail.cc

If victims are not aware of this already, it’s not recommended to pay the ransom because it does not ensure file decryption. It’s not uncommon for malware operators to simply take the money and not provide the decryptor.

The only sure way to recover files is via backup, but not all users have the habit of regularly backing up their data. If no backup is available, users have the option of waiting for malware researchers to develop a free decryption tool. Emsisoft has released a decryptor for many Djvu versions but it will not necessarily work for Kuus ransomware.

Kuus ransomware removal

It is strongly recommended to use anti-malware software to delete Kuus ransomware. Users trying to manually uninstall Kuus ransomware could lead to them doing even more damage. Once the ransomware is no longer present, users can start file recovery from backup.