Futm ransomware is the virus demanding the $980 payment for the decryption tool that most likely does not exist

Futm virus can create major issues when the machine is infiltrated, and encoded data is not the only problem this threat is known for. Ransomware like this adds various processes and files on the machine to control the persistence and to avoid detection. The infiltration is unnoticed because threat actors deliver fake Windows update pop-ups to the screen to mask the real reason for the slowness and performance issues. However, once the threat is done with file damage and those documents, images or archives receive .futm appendix, the threat succeeds with the main procedure.
The infection uses a powerful encoding algorithm to treat common files and make them useless when the original code is changed. Futm virus is ransomware that’s part of the Djvu ransomware family. It encrypts files and modifies their filenames by appending .futm to file names that indicate that files are no longer available. Like most ransomware, this virus creates ransom notes immediately after. In this case, the _readme.txt file gets placed on your desktop and in other folders with encrypted pieces.
The ransom note for the Futm ransomware virus provides contact and payment information to its victims. The price of a decryption tool depends on how fast they will contact cybercriminals behind this campaign. Either 490 USD if users want their data encrypted sooner or 980 USD after 72 hours from attack.
Also, a free offer is available only if the victim sends one infected file. This is the technique used as proof that the threat group is trustworthy. Potential customers may have doubts about decrytpion and for a good reason. Experts[1] and researchers always note that paying is the last option when you are desperate, but keep in mind that there are too many risks behind it.[2]
| Name | Futm ransomware |
|---|---|
| Type | Cryptovirus, file-locker |
| Family | Djvu/STOP ransomware |
| File extension | .futm |
| Ransom note | _readme.txt |
| Amount demanded | $490/$980 |
| Contact info | manager@mailtemp.ch, helprestoremanager@airmail.cc |
| Distribution | Malicious files added to email attachments, pirating packages, malware pages |
| Removal | The best way to clear the infections from the system – antivirus apps based on AV detection engines. Try SpyHunterCombo Cleaner or MalwarebytesMalwarebytes for the best termination results |
| System fix | Machine gets significantly damaged when an infection like this spreads, so the particular functions need repairing. You can solve some virus damage issues using FortectIntego |
Dangers of ransomware-type threats
One of the most recent, yet dangerous types of viruses is called ransomware can evolve and show more advanced techniques nowadays. The victim needs to pay the ransom to unlock the data. Criminals demand the sum in cryptocurrency and usually in Bitcoin. Such scare tactics like claiming there will otherwise be negative effects if payment is not made soon enough encourage people to fall victim to this cryptocurrency extortion virus.
Actors behind these attacks have been known as untrustworthy due to their willingness at releasing even more variant viruses after one was released. The family has been known as one of the most active ones for years now, and there are no signs of them stopping these activities. The previous ones, including Qdla, Palq, Stax showed how many victims they could gather in a matter of days and weeks.
Futm virus delivers this ransom note as the informational message for all the victims:
ATTENTION!
Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-mj4o6S4Pz0
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.To get this software you need write on our e-mail:
manager@mailtemp.chReserve e-mail address to contact us:
supporthelp@airmail.ccYour personal ID:
The particular tactics that the Futm virus uses are tried and not changed for a while. Ransom note file name, contents, emails listed in the message, and even the ransom amount is determined back in 2019 and not changed for all this time. This method allows the family to spread and create new versions quickly. However, previous variants had the flaw that allowed victims to possibly get their files recovered. The newest versions are no longer decryptable.
Onlive ID vs. Offline ID differences
Almost every offline ID ends with t1. Encryption by the version that uses an offline key can be verified through viewing the particular personal ID listed in the ransom note. The offline ID indicates that the files got encrypted with the same key, and all victims of the threat can get their data recovered if one of them receives the decryption key.

The online key is generated by the ransomware server and means that only one set of keys were used throughout the encryption process. Unfortunately, there is no way around these locks unless someone finds another unique code via criminal destruction or leak of the database. Futm file virus is based on this method, so unique keys get formed for each individual device.
If your computer got infected with one of the Djvu variants, you should try using Emsisoft decryptor for Djvu/STOP. It is important to mention that this tool will not work for everyone – it only works if data was locked with an offline ID due to malware failing to communicate with its remote servers.
Even if your case meets this condition, somebody from the victims has to pay criminals, retrieve an offline key, and then share it with security researchers at Emsisoft. As a result, you might not be able to restore the encrypted files immediately. Thus, if the decryptor says your data was locked with an offline ID but cannot be recovered currently, you should try later. You also need to upload a set of files – one encrypted and a healthy one to the company’s servers before you proceed.
- Download the app from the official Emsisoft website.

- After pressing Download button, a small pop-up at the bottom, titled decrypt_STOPDjvu.exe should show up – click it.

- If User Account Control (UAC) message shows up, press Yes.
- Agree to License Terms by pressing Yes.

- After Disclaimer shows up, press OK.
- The tool should automatically populate the affected folders, although you can also do it by pressing Add folder at the bottom.

- Press Decrypt.

From here, there are three available outcomes:
- “Decrypted!” will be shown under files that were decrypted successfully – they are now usable again.
- “Error: Unable to decrypt file with ID:” means that the keys for this version of the virus have not yet been retrieved, so you should try later.
- “This ID appears to be an online ID, decryption is impossible” – you are unable to decrypt files with this tool.
The removal of the Futm ransomware virus
The threat can also alter various files and disable functions of the machine to ensure persistence. Malware includes quick changes and installs of files, the launch of processes, so the persistence is up. This is why we recommend eliminating infections as soon as possible with tools based on AV detection like anti-malware programs, system security apps.
Futm virus can be running for a while before the encryption starts, so the infection alters settings and disables programs, system features needed for the proper virus elimination. You can use the applications like SpyHunterCombo Cleaner or MalwarebytesMalwarebytes that scan the machine and can possibly locate affected and malicious parts to save your device from the threat.
Some ransomware might modify Windows hosts file in order to prevent users from accessing certain websites online. For example, Djvu ransomware variants add dozens of entries containing URLs of security-related websites, such as 2-spyware.com. Each of the entries means that users will not be able to access the listed web addresses and will receive an error instead.
Here’s an example of “hosts” file entries that were injected by ransomware:

In order to restore your ability to access all websites without restrictions, you should either delete the file (Windows will automatically recreate it) or remove all the malware-created entries. If you have never touched the “hosts” file before, you should simply delete it by marking it and pressing Shift + Del on your keyboard. For that, navigate to the following location:
C:\Windows\System32\drivers\etc\

Before moving on to data recovery
Futm virus removal and file recovery are two different processes. However, there are a few additional issues that need to be taken care of. The machine is significantly affected when it comes to such serious threats. Not only commonly used files get damaged. The infection also focuses on alterations in system folders.
Unfortunately, people ignore these messages and try to recover files before the full threat removal. This way Futm ransomware can run the second round of file encryption. This is how their existing data becomes permanently damaged. We advise avoiding unnecessary damage when possible because it is better to fix things when it is still possible.
Once a computer is infected with malware, its system is changed to operate differently. For example, an infection can alter the Windows registry database, damage vital bootup, and other sections, delete or corrupt DLL files, etc. Once a system file is damaged by malware, antivirus software is not capable of doing anything about it, leaving it just the way it is. Consequently, users might experience performance, stability, and usability issues, to the point where a full Windows reinstallation is required.

Therefore, we highly recommend using a one-of-a-kind, patented technology of FortectIntego repair. Not only can it fix virus damage after the infection, but it is also capable of removing malware that has already broken into the system thanks to several engines used by the program. Besides, the application is also capable of fixing various Windows-related issues that are not caused by malware infections, for example, Blue Screen errors, freezes, registry errors, damaged DLLs, etc.
- Download the application by clicking on the link above.
- Click on the ReimageRepair.exe
- If User Account Control (UAC) shows up, select Yes
- Press Install and wait till the program finishes the installation process

- The analysis of your machine will begin immediately

- Once complete, check the results – they will be listed in the Summary
- You can now click on each of the issues and fix them manually
- If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.

By employing this tool, you would not have to worry about future computer issues, as most of them could be fixed quickly by performing a full system scan at any time. Most importantly, you could avoid the tedious process of Windows reinstallation in case things go very wrong due to one reason or another.
Ransomware is a type of malware that can be downloaded and installed onto your system without you knowing. It will most likely show up when downloading repackaged or infected installers from popular websites, pirating platforms, torrent sites. When getting activators for apps or cheats for games, files with payload get downloaded.
Futm file virus could also come through hacking methods like poorly protected RDP configurations[3] via email spamming/malicious attachments in emails – misleading downloads or direct links. Cryptovirus and other threats have been known to spread by means, including exploiting software vulnerabilities. So caution is the best advice.
Do not hesitate to get rid of the Futm ransomware because with anti-malware tools you can clear any virus-related files and programs running on the machine. It is not the same as decryption of files, but before you add any new pieces, you must be sure that ransomware is terminated. Rely on SpyHunterCombo Cleaner, MalwarebytesMalwarebytes, FortectIntego for the help when dealing with the infection like this. Such tools and occasional system checks can also help avoid virus removal in the first place.
Was this guide helpful?
Be the first to comment