Chuk ransomware was recently discovered by researcher xiaopao. It is a malicious program based on the Dharma ransomware strain. Chuk follows a classic infection pattern. Once it infects its host, the ransomware initiates a scan that detects all user-generated files. It is after its victims' documents, pictures, databases, archives, backups, any file that might contain valuable information.
Chuk encrypts the target files with AES, which leaves them unreadable without the attackers' key. In other words, the user can still see the icons of their files but cannot open, view, or edit them.
All data locked by Chuk is easy to recognize, because the ransomware appends the ".chuk" extension along with a victim ID and the attackers' contact email. For example, a file named "example.docx" is renamed to "example.docx.id-C872kj876.[firstname.lastname@example.org].chuk".
Following successful encryption, the ransomware drops text files named "FILES ENCRYPTED.txt" and opens a pop-up window that informs the victim of the situation and lists the attackers' demands.
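The rename pattern and ransom-note file name described above are the two cheapest indicators a defender can hunt for on a file share or in a backup listing. The script below is an added example written for this article, not code from the original page or from any analysis tool; it parses the Dharma-style name "<name>.id-<ID>.[<email>].chuk" into its parts and summarises indicators across a directory listing. The regular expression is an assumption derived from the single renamed file shown on the page (real samples may vary in ID length), and the listing it runs on is constructed, reusing the example ID and email placeholder from the article.

```python
import re
from typing import Iterable, NamedTuple, Optional

# Dharma-style rename as described in the article: <name>.id-<ID>.[<email>].chuk
# ASSUMPTION: this pattern is generalised from the one example on the page.
CHUK_NAME_RE = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[A-Za-z0-9]+)\.\[(?P<email>[^\]]+)\]\.chuk$"
)
RANSOM_NOTE_NAME = "FILES ENCRYPTED.txt"


class EncryptedName(NamedTuple):
    original: str   # file name before Chuk renamed it
    victim_id: str  # per-victim ID embedded in the new name
    email: str      # attacker contact address embedded in the new name


def parse_chuk_name(filename: str) -> Optional[EncryptedName]:
    """Return the parts of a Chuk-renamed file, or None if the name does not match."""
    m = CHUK_NAME_RE.match(filename)
    if not m:
        return None
    return EncryptedName(m.group("original"), m.group("victim_id"), m.group("email"))


def triage(paths: Iterable[str]) -> dict:
    """Summarise Chuk indicators (renamed files, ransom notes) across a file listing."""
    encrypted = []
    notes = 0
    for path in paths:
        # Accept both Windows and POSIX separators in the listing.
        base = re.split(r"[\\/]", path)[-1]
        if base == RANSOM_NOTE_NAME:
            notes += 1
            continue
        parsed = parse_chuk_name(base)
        if parsed:
            encrypted.append(parsed)
    return {
        "encrypted_count": len(encrypted),
        "ransom_notes": notes,
        "victim_ids": sorted({e.victim_id for e in encrypted}),
        "contact_emails": sorted({e.email for e in encrypted}),
        "original_names": [e.original for e in encrypted],
    }


# Constructed sample listing (not from a real infection). The ID and the
# email placeholder mirror the renamed-file example given in the article.
SAMPLE_LISTING = [
    "Documents/example.docx.id-C872kj876.[firstname.lastname@example.org].chuk",
    "Documents/budget.xlsx.id-C872kj876.[firstname.lastname@example.org].chuk",
    "Documents/FILES ENCRYPTED.txt",
    r"Pictures\holiday.jpg.id-C872kj876.[firstname.lastname@example.org].chuk",
    r"Pictures\FILES ENCRYPTED.txt",
    "Pictures/untouched.png",
    "Documents/notes.txt.chuk",  # no ID/email block: does not match the Chuk pattern
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

Run against a real listing (for example the output of `find` or `dir /s /b` saved to a file), the `original_names` field doubles as the inventory of what must be restored from backup, and a non-zero `ransom_notes` count in a directory with no matching renamed files is worth a second look, since it may indicate a partially completed encryption run.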
Ransom note text:
YOUR FILES ARE ENCRYPTED
Don't worry, you can return all your files!
If you want to restore them, follow this link: email email@example.com YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail: firstname.lastname@example.org
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
The ransom notes don't state a specific ransom amount. Instead, the victims are instructed to contact the ransomware operators via the email@example.com email address.
The victims are also warned not to rename the encrypted files and not to use third-party decryption tools, on the grounds that doing so risks permanent data loss or a higher price for decryption.
How does Chuk infect its victims?
Chuk uses standard, mass-distribution techniques to reach its victims. It lurks behind malspam campaigns, trojans, pirated/cracked applications, and software activators.
- Malspam – From classic emails to modern instant messages, criminals use various platforms to reach a broad spectrum of potential victims. They exploit trending topics and write messages under the guise of well-known organizations to trick recipients into downloading malicious files or clicking weaponized links. Bear this in mind the next time you receive an unexpected message from your post office, bank, or the police. Proceed with caution and treat all unexpected messages as hazardous.
- Software activators – Many people download software activators designed to bypass paid software activation procedures. Attackers are well aware of this and take full advantage of it by uploading trojanized activators that install various malware threats.
- Pirated/cracked software – Much like the software activator technique, attackers upload trojanized copies of software to various web platforms.
- Trojans – Trojan infections are particularly dangerous because they compromise the security of the whole PC. Some trojans allow their operators to access the infected device remotely; others are pre-programmed to download and install additional malware on the already compromised device. Therefore, every trojan infection must be taken seriously and dealt with promptly.