Dutan Ransomware Removal Guide

Do you know what Dutan Ransomware is?

You might think that your virtual security is invincible, but it takes one threat like Dutan Ransomware to flip your world upside down. This infection is most likely to affect Windows operating systems with poor or non-existent protection, but most users simply do not think that malware would affect them. In fact, it only takes one spam email or one unpatched RDP flaw to help this malware enter your system. Unlike some of the more famous threats, ransomware does not damage your computer or your operating system. It does not spy on you either. Instead, it goes right to your personal files, which, depending on the system, might include work documents and spreadsheets, or home videos and personal photos. Unfortunately, once files are encrypted, you will not restore them by deleting Dutan Ransomware. Does that mean you can postpone the removal of this infection? You can, but you should not.

You might not know this, but Dutan Ransomware is part of a large ransomware family, known by the name “STOP.” Other threats that belong to it include Zatrov Ransomware, Cetori Ransomware, and Mogranos Ransomware. For the most part, these threats are identical, and there is a good chance that they were unleashed by the same attacker(s). A file named “_readme.txt” is dropped by all of them, and this message is always the same. Sometimes, the contact email addresses are changed, but even those are usually the same. The email addresses linked to Dutan Ransomware are gorentos@bitmessage.ch and vengisto@firemail.cc, and the victim also has the option of contacting the attackers via Telegram, using the handle @datarestore. Should you contact the attackers? You have no other option if you are sure you want to pay the ransom, but since we do not recommend paying it, we do not recommend communicating with the attackers either.

It is very clear what the attackers behind Dutan Ransomware want from you. It is money. The message in the .TXT file states that a ransom of $490 must be paid in return for the decryption tool. Needless to say, the exchange is very unfair, but the attackers are in control here, and they can do whatever they want. They could even increase the ransom to $1000, and some victims would still pay. That is because the encrypted files (you should find the “.dutan” extension appended to them) are valuable, and victims do not want to lose them. Well, here’s the kicker – who can guarantee that the attackers would give you the decryption tool after you paid the full ransom? No one can, and, in fact, it is unlikely that you would obtain a decryptor by following cybercriminals’ demands. On the contrary, you are more likely to waste your money and allow the attackers to expose you to new scams and infections via email.

It is important that you think about the removal of Dutan Ransomware, but you also need to think about the security of your operating system overall. While you can solve both of these issues separately, you can also do it at the same time by employing reliable anti-malware software. Once installed, it can automatically scan the system to check for infections, it can then delete them, and, at the same time, it can also establish full-time protection. Unfortunately, even the best anti-malware tool will not restore the files corrupted by Dutan Ransomware. A tool called “STOPDecrypter” exists, but we cannot guarantee that it will work for you, which is why we hope that backups exist. If you did not create backups for your personal files before, start doing it as soon as possible to protect them in the future.

Delete Dutan Ransomware

  1. Launch Run (tap Win+R keys) and enter regedit into the box.
  2. In Registry Editor, go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  3. Right-click the value named SysHelper and select Delete.
  4. Launch Windows Explorer (tap Win+E keys) and enter the following paths into the field at the top:
    • %LOCALAPPDATA%
    • %USERPROFILE%\Local Settings\Application Data\
  5. If you can identify a malicious folder containing a malicious .exe file, right-click it and select Delete.
  6. Move to %WINDIR%\System32\Tasks\.
  7. Right-click the task named Time Trigger Task and click Delete.
  8. Now, find the ransom note file called _readme.txt and also right-click and Delete it.
  9. Empty Recycle Bin to eliminate the threat.
  10. Run a full system scan to check for leftovers using a trusted malware scanner.
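
A read-only check for the artifacts named in the steps above, as an added PowerShell example that is not part of the original guide. It deletes nothing; the ten-folder review list and the profile-wide search scope are assumptions made for illustration.

```powershell
# Read-only audit of the artifacts named in the removal steps; nothing is deleted.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Step, [string]$Artifact, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Step = $Step; Artifact = $Artifact; Detail = $Detail })
}

# Steps 2-3: autorun value SysHelper under the current user's Run key.
# The value's data is the command it launches, which can help with step 5.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'SysHelper' -ErrorAction SilentlyContinue
if ($run) { Add-Finding '2-3' "$runKey\SysHelper" $run.SysHelper }

# Steps 4-5: folders directly under %LOCALAPPDATA% with an .exe at their top level,
# newest first, for manual review. Most will be legitimate software (assumed limit: 10).
Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object {
        Get-ChildItem -LiteralPath $_.FullName -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue
    } |
    Sort-Object CreationTime -Descending |
    Select-Object -First 10 |
    ForEach-Object { Add-Finding '4-5' $_.FullName "created $($_.CreationTime)" }

# Steps 6-7: task file named "Time Trigger Task" (this folder may need an elevated prompt).
$task = Join-Path $env:WINDIR 'System32\Tasks\Time Trigger Task'
if (Test-Path -LiteralPath $task) { Add-Finding '6-7' $task 'scheduled task file present' }

# Step 8 and scope: ransom notes and files carrying the .dutan extension in the profile.
$hits = Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -File `
    -Include '_readme.txt', '*.dutan' -ErrorAction SilentlyContinue
$notes  = @($hits | Where-Object Name -eq '_readme.txt')
$locked = @($hits | Where-Object Extension -eq '.dutan')
foreach ($n in $notes) { Add-Finding '8' $n.FullName 'ransom note' }
if ($locked.Count) {
    Add-Finding 'scope' "$($locked.Count) *.dutan files" 'encrypted; removal will not restore them'
}

if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the artifacts from the removal steps were found for this user.'
}
```

Run it as the affected user, since the Run key and profile paths are per-user.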

In non-techie terms:

Dutan Ransomware was created to encrypt your files, and if it is successful, the attackers behind it can offer a decryptor. Of course, this decryptor is not free, and, unfortunately, no one can guarantee that you would obtain it by paying the ransom. Since the chances of you getting the tool are slim, we do not recommend wasting your savings. We also do not recommend contacting the attackers via email or Telegram because that could make it possible for them to expose you to new threats or scams. If you have backups of your personal files, you have replacements for the corrupted files. If you do not have those, your only chance at restoring files is using a legitimate free decryptor. In any case, you need to remove Dutan Ransomware at the end, and while manual removal is possible, we recommend using anti-malware software that could automatically erase the threat and, at the same time, secure the system to protect it against new infections.