This cyber threat behaves like its precursors, such as REPL, MAAS, ZIDA, ERIF, and others. All versions of this ransomware family use a disguise to hide their presence at first. Usually, the encryption process is hidden behind a fraudulent Windows Update screen, which stops people from interfering with the encryption procedure. Victims of KUUS ransomware see a legitimate-looking OS update window and are tricked into believing that their systems are not infected, while the file-encrypting virus is locking all data on the affected computer. Later, it drops a ransom note (_Readme.txt) in which the cybercriminals explain what file encryption is and state that a strong cryptographic algorithm was used that cannot be broken. In other words, victims are not able to use or open almost any data on the computer, including videos, images, documents, etc.

Attackers offer a 50% discount within the first 72 hours of the infection. During this time, users must pay $490, and later the price increases to $980 in Bitcoins for the KUUS file decryption tool. The ransom must be transferred in cryptocurrency to a specific account given via e-mails.

Some technical virus details: It is known that the current version of STOP/DJVU was first compiled and planned for distribution on 2019-04-24. The malware targets computers with Intel 386 or later processors and compatible processors. The program type itself is executable (Win32).

Alternative ways to decrypt locked data

Even though cybercriminals claim that there is no other way to restore the victim's files, our security researchers do not recommend collaborating with them. There are alternative methods to decrypt affected files. Use the STOP/DJVU decryption guide to find out more. However, you should stay away from suspicious free decryption tools offered online unless they are verified by security researchers. Many other cybercriminals try to trick confused people into downloading malware disguised as so-called tools to decrypt .kuus files.

Before you try to get back your data, you must remove the KUUS ransomware virus from your computer. Since it has numerous components located and hidden in various directories on the system, the easiest way to uninstall all of them at once is to use anti-malware software of your choice. In addition, we recommend using RESTORO. It is a professional system repair tool that can help you to repair virus damage on the system. You should start KUUS file virus removal by running an entire system scan to allow the software to locate all elements related to the virus. Once this security software scans your system, it puts malicious components into quarantine to stop the activities causing computer damage. Later, it carefully uninstalls ransomware files and ensures that the PC is malware-free. You will find detailed instructions on how to start the elimination procedure at the end of this article.

Main Threat Features

[Video: live demonstration of KUUS ransomware encrypting our test file folder]

Description: KUUS ransomware is a highly malicious file-encrypting computer virus that is the 241st version of STOP/DJVU. The program behaves like a file-encrypting process that drops a message from cybercriminals in the _readme.txt file. After a successful attack, all of the victim's files can no longer be opened or modified and are marked with the .kuus file extension.

Offer price: 980
Currency: USD
Operating System: Windows
Application Category: Ransomware
Author: STOP/DJVU authors

Criminals disguise malware as fraudulent Adobe Flash update pop-ups or software cracks

The majority of ransomware victims got their computers infected by clicking on the fake Adobe Flash Player update pop-up that appears while browsing on suspicious websites. Criminals have designed the advertisement to look exceptionally legitimate, and many people have fallen for this popular trick to distribute file-encrypting viruses. Attackers create a pop-up that resembles update notifications coming from the official Adobe Player software on the computer. However, it appears in the browser rather than on the system itself. Unfortunately, people do not investigate the pop-up before clicking on the update button once it appears on the screen. As a result, the button triggers the automatic download and installation of a ransomware executable file and runs it right away.

In addition, STOP/DJVU distributors tend to create fake software cracks, which people download through peer-to-peer file sharing agents in order to activate software licenses illegally. Victims of KUUS ransomware have been attacked via Adobe Photoshop cracks, GTA cracks and similar game or software activators. Please refrain from downloading illegal software copies; it is utterly dangerous!

You can protect your computer from such malware infiltration attempts by avoiding questionable sites. These include illegal video streaming and file-sharing networks, various unofficial gaming sites, and others. Note that file-encrypting viruses might appear as ads while browsing. Therefore, you should stop clicking on promotional content online as well.

KUUS ransomware virus removal guide

It is essential to mention that KUUS ransomware removal is a highly complicated procedure. This file-encrypting virus is designed to modify the Windows hosts file to disrupt the connection to security websites and certain antivirus tools. As a result, you might struggle to download and install the malware removal software or browse the Internet for help. However, you can learn how to reset the Windows hosts file back to default in case you cannot access security programs. Another method to circumvent the virus is to reboot your computer into Safe Mode. This way you will be able to use your chosen security software to run a full system scan.

Automatic elimination helps to remove the KUUS ransomware virus and all of its components from the system. In other words, the infection will not reappear to damage your computer further. The instructions below will show how to start malware removal. Afterward, you can use the latest backup copy to restore encrypted information. Additionally, we recommend scanning with RESTORO to eliminate virus damage on OS files.
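A read-only check for the hosts file tampering described above, as an added example that is not part of the original article or any vendor tool. It assumes that blocked sites are pinned to a loopback or 0.0.0.0 address and that a clean Windows hosts file has no active entries other than localhost; the domains in the sample are constructed placeholders.

```python
import ipaddress
import os

# Standard location of the hosts file on Windows.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")
BENIGN_NAMES = {"localhost"}

# Constructed sample; the domains are placeholders, not real indicators.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1   localhost
127.0.0.1   www.av-vendor.example   update.av-vendor.example
0.0.0.0     security-forum.example  # appended entry
203.0.113.7 downloads.scanner.example
not-an-ip   broken.example
"""

def audit_hosts(text):
    """Return one finding per active entry that is not a plain localhost mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address without a name
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", addr, names))
            continue
        names = [n for n in names if n.lower() not in BENIGN_NAMES]
        if not names:
            continue
        # Assumption: a name pinned to loopback or 0.0.0.0 is being blocked.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, kind, addr, names))
    return findings

if __name__ == "__main__":
    # Use the real hosts file when present, otherwise the constructed sample.
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for lineno, kind, addr, names in audit_hosts(text):
        print(f"line {lineno}: {kind:10} {addr:15} {' '.join(names)}")
```

Any finding on a machine that never had custom hosts entries is worth reviewing before the file is reset to default.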

Method 1. Enter Safe Mode with Networking

Before you try to remove the KUUS ransomware virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot the PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, if you prefer a video version of the tutorial, check our guide How to Start Windows in Safe Mode on Youtube.

Instructions for Windows XP/Vista/7 users

Instructions for Windows 8/8.1/10/11 users

Now, you can search for and remove KUUS ransomware virus files. It is very hard to identify files and registry keys that belong to the ransomware virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable security program such as INTEGO Antivirus. For virus damage repair, consider using RESTORO.

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically.

Instructions for Windows XP/Vista/7 users

Instructions for Windows 8/8.1/10/11 users

After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won’t be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.

Decrypt KUUS files

Fix and open large KUUS files easily:

It is reported that STOP/DJVU ransomware versions encrypt only the first 150 KB of each file to ensure that the virus manages to affect all files on the system. In some cases, the malicious program might skip some files entirely. That said, we recommend testing this method on several big (>1GB) files first.
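To pick candidate files for such a test, the following added example (not part of the original article or any recovery tool) triages renamed files without modifying them: it compares the first bytes with the magic signature of the original format and reports how much of the file lies past the reported 150 KB prefix. The signature table is a small illustrative subset, and treating an intact header as "skipped" is a heuristic.

```python
import os

ENCRYPTED_PREFIX = 150 * 1024  # article's reported figure; 1 KB = 1024 bytes is an assumption
EXT = ".kuus"

# (offset, magic bytes) for a few common formats.
SIGNATURES = {
    "jpg": (0, b"\xff\xd8\xff"), "jpeg": (0, b"\xff\xd8\xff"),
    "png": (0, b"\x89PNG\r\n\x1a\n"), "pdf": (0, b"%PDF-"),
    "zip": (0, b"PK\x03\x04"), "docx": (0, b"PK\x03\x04"),
    "xlsx": (0, b"PK\x03\x04"), "mp4": (4, b"ftyp"),
}

def triage(name, head, size):
    """Classify one renamed file from its first bytes and total size."""
    if not name.lower().endswith(EXT):
        return {"name": name, "status": "not-renamed"}
    # Original extension is whatever precedes ".kuus", e.g. photo.jpg.kuus -> jpg
    inner = name[:-len(EXT)].rsplit(".", 1)[-1].lower()
    sig = SIGNATURES.get(inner)
    if sig is None:
        status = "unknown-format"
    elif head[sig[0]:sig[0] + len(sig[1])] == sig[1]:
        status = "header-intact"      # heuristic: likely skipped by the encryptor
    else:
        status = "header-encrypted"
    tail = max(0, size - ENCRYPTED_PREFIX)
    return {"name": name, "status": status, "bytes_past_prefix": tail}

def scan(root):
    """Walk a directory tree and triage every *.kuus file (read-only)."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(EXT):
                path = os.path.join(folder, fn)
                with open(path, "rb") as fh:
                    head = fh.read(16)
                results.append(triage(fn, head, os.path.getsize(path)))
    return results

if __name__ == "__main__":
    import sys
    for r in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(r)
```

Run it against a backup copy of the encrypted data; files with a large `bytes_past_prefix` value are the ones where most of the content sits outside the reported encrypted region.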

STOP/DJVU decryption tool usage guide

STOP/DJVU ransomware versions are grouped into old and new variants. The KUUS ransomware virus is considered a new STOP/DJVU variant, just like BPTO, ISWR, ISZA, BPSM, ZOUU, MBTF, ZNSM (find full list here). This means full data decryption is now possible only if you have been affected by an offline encryption key. To decrypt your files, you will have to download Emsisoft Decryptor for STOP DJVU, a tool created and maintained by the genius security researcher Michael Gillespie.

Note! Please do not spam the security researcher with questions about whether he can recover your files encrypted with an online key; it is not possible.

In order to test the tool and see if it can decrypt KUUS files, follow the given tutorial.

Meanings of decryptor’s messages

The KUUS decryption tool might display several different messages after a failed attempt to restore your files. You might receive one of the following messages:

Error: Unable to decrypt file with ID: [example ID]

This message typically means that there is no corresponding decryption key in the decryptor’s database.

No key for New Variant online ID: [example ID]
Notice: this ID appears to be an online ID, decryption is impossible

This message informs you that your files were encrypted with an online key, meaning no one else has the same encryption/decryption key pair; therefore, data recovery without paying the criminals is impossible.

Result: No key for new variant offline ID: [example ID]
This ID appears to be an offline ID. Decryption may be possible in the future.

If you were informed that an offline key was used, but files could not be restored, it means that the offline decryption key isn’t available yet. However, receiving this message is extremely good news, meaning that it might be possible to restore your KUUS extension files in the future. It can take a few months until the decryption key gets found and uploaded to the decryptor. We recommend that you follow updates regarding the decryptable DJVU versions here. We strongly recommend backing up your encrypted data and waiting.

Victims of KUUS ransomware virus should report the Internet crime incident to the official government fraud and scam website according to their country:

In the United States, go to the On Guard Online website.
In Australia, go to the SCAMwatch website.
In Germany, go to the Bundesamt für Sicherheit in der Informationstechnik website.
In Ireland, go to the An Garda Síochána website.
In New Zealand, go to the Consumer Affairs Scams website.
In the United Kingdom, go to the Action Fraud website.
In Canada, go to the Canadian Anti-Fraud Centre.
In India, go to Indian National Cybercrime Reporting Portal.
In France, go to the Agence nationale de la sécurité des systèmes d’information.

If you can’t find an authority corresponding to your location on this list, we recommend using any search engine to look up “[your country name] report cyber crime”. This should lead you to the right authority website. We also recommend staying away from third-party crime report services that are often paid. It costs nothing to report Internet crime to official authorities. Another recommendation is to contact your country’s or region’s federal police or communications authority.