How to delete Futm ransomware

Futm ransomware is file-encrypting malware from the Djvu/STOP family. The malware encrypts files and then demands money for their decryption. The Djvu malwa family is responsible for releasing hundreds of these ransomware infections, with a new one appearing every few days. Futm ransomware is the most recent one. Unfortunately, it’s currently not possible to decrypt files for free, and getting the decryptor from the cybercriminals operating this ransomware would involve paying $980 in ransom.

 

 

Futm ransomware is practically identical to Qmak, Qdla, Irfk, and Palq, since they all come from the same Djvu/STOP ransomware family. The ransomware from this family can be identified by the extensions they add to encrypted files. For example, Futm ransomware adds .futm, hence why it’s known as Futm ransomware. The ransomware will target all your personal files, particularly photos, videos, documents, images, etc. All these files will have .futm attached to them. For example, image.jpg would become image.jpg.futm. While these files are being encrypted, the ransomware will display a fake Windows update window to presumably distract you from what’s going on. You will not be able to open any of the encrypted files unless you first run them through a decryptor. However, unfortunately, the only people with a decryptor are the cybercriminals operating this ransomware.

Once files are done being encrypted, a _readme.txt ransom note will be dropped in all folders containing encrypted files. The note is the generic one dropped by all ransomware from this family. The note explains that files have been encrypted and offers victims the decryption tool for $980. According to the note, victims who make contact within the first 72 hours would receive a 50% discount. Whether to pay the ransom or not is your decision but we feel it’s necessary to warn you about the risks involved in paying. The biggest risk is whether you will actually get the decryptor after paying. The thing about making deals with cyber gangs is that there is no way to know for sure whether they will keep their end of the deal. Many victims have paid in the past, only to receive nothing in return. Some victims receive faulty decryptors, though at least those can be fixed by malware researchers or anti-virus vendors. Another reason paying is usually not recommended is that as long as victims continue paying, ransomware will thrive.

Backing up files is one of the best ways to combat ransomware. And if you do have a backup, you can start recovering files as soon as you remove Futm ransomware from your computer. However, keep in mind that if the ransomware still remains when you connect to backup, backed-up files would become encrypted as well. This is why it’s a good idea to use anti-virus software to delete Futm ransomware. If you try to do it manually, you may end up not removing it fully, which would result in more encrypted files.

If you do not have a backup, the only option is to wait for a free decryptor. However, the thing about ransomware from this family is that they use online keys for encrypting files. That means that keys are unique for each victim and without them, malware researchers will not be able to create a working decryptor. Emsisoft has released a free Djvu/STOP decryptor but it only works on select ransomware that used offline keys to encrypt files. We should mention that not all hope is lost for those who do not have a backup because it’s possible that the cybercriminals themselves will drop the keys when they eventually stop their activities. Or law enforcement may eventually catch them. So if you have no other option, back up encrypted files and check NoMoreRansom for a free decryptor.

How is ransomware distributed

Ransomware and malware, in general, is the biggest issue for users with bad browsing habits. If you frequently open unsolicited email attachments, click on ads while browsing unsafe sites, pirate via torrents, etc., you have a higher chance of picking up malware infections.

Spam emails carrying malware are one the most common ways users pick malware infections. Cybercriminals purchase thousands of email addresses from hacker forums and use them to launch their malspam campaigns. Fortunately for users, the majority of the malspam emails are quite obvious. More sophisticated attempts are usually reserved for specific targets whose personal information crooks have access to. But generally, as long as you know what to look for, you should be able to recognize malicious emails with relative ease. One of the most obvious signs is grammar and spelling mistakes. If the sender claims to be from a company whose services you use but the contents are full of mistakes, the email is unlikely to be legitimate. But whether it’s done purposely or not, malicious emails are more often than not full of mistakes. Another sign that there may be something wrong is senders addressing you in generic “User”, “Member”, “Customer”, etc. If the sender is from a company whose services you use, they will most certainly use your name to address you. Otherwise, it would look unprofessional. Some malware distribution attempts via emails may be more sophisticated, which is why it’s recommended to always scan unsolicited email attachments with anti-virus software or VirusTotal.

If you are a torrent user, you’re also risking a malware infection. Torrent sites are often poorly regulated, which allows cybercriminals to upload malicious content disguised as movies, TV series, software, video games, etc.

Futm ransomware removal

Because ransomware is a highly sophisticated malware infection, it’s important that you use trustworthy anti-malware software to remove Futm ransomware from the computer. Otherwise, you may not fully get rid of it, allowing it to recover. This could lead to encrypted files in your backup, thus you need to be very careful. Once the ransomware is no longer present, you can connect to your backup and start recovering files.

If you do not have a backup, back up encrypted files and store them somewhere safe until a free decryptor is released. While it’s not available at the moment, it could be released in the future.