KENS@TUTA.IO ransomware (Bonus: Decryption Steps) - Virus Removal Guide

KENS@TUTA.IO virus Removal Guide

What is KENS@TUTA.IO ransomware?

KENS@TUTA.IO ransomware – malware that hits Windows computers and demands a BTC ransom for the release of locked files

KENS@TUTA.IO malwareKENS@TUTA.IO ransomware - malware that uses unique ciphers to code up data that is found on the infected Windows PC

KENS@TUTA.IO ransomware is considered to be a malware form from the family of file-encrypting threats. The main goal of this parasite is to locate all of the remaining files, folders, and documents on the infected Windows computer and use a unique algorithm to lock them all up. When the encryption process is finished, all the file names get the .KENS@TUTA.IO appendix added and this is the mark that shows victims that the data has been coded.

Afterward, KENS@TUTA.IO ransomware releases a ransom message named how_to_back_files.html where cybercriminals urge for a Bitcoin ransom in exchange for the release of the blocked components. Hackers also insist on receiving communication via email KENS@TUTA.IO or KENS@DR.COM. Afterward, the users are likely to receive further payment instructions and the ransom price as it is not mentioned in the message. Our recommendation would be to avoid paying criminals as there is a high chance of getting scammed and not receiving the decryption tool at all.

Name KENS@TUTA.IO ransomware
Type Ransomware virus/file-encrypting cyber threat
Family This malware belongs to the GlobeImposter ransomware family
Extension When all of the files, folders, and documents are encrypted with a unique algorithm, all of the filenames receive the KENS@TUTA.IO appendix as a sign of the encryption process
Ransom note The ransomware virus provides the how_to_back_files.html ransom note where the ransom demands, crooks contacts, and threatenings are written
Price Even though hackers do not provide a particular price that needs to be paid in exchange for the decryption tool, these people outline that Bitcoin cryptocurrency is a requirement. Further information is said to be passed to victims after they contact hackers via email addresses
Crooks' emails Crooks provide KENS@TUTA.IO or KENS@DR.COM email addresses as a way to make contact with the victims
Distribution Ransomware infections are commonly spread through phishing email messages that pretend to come from reliable companies. The malicious payload often comes in the form of some type of attachment
Removal tip If you have been dealing with this malware lately, you should take care of the elimination process ASAP. For this task, employ reliable antimalware software to make sure that the cyber threat has been deleted properly
Fixing tool If you have encountered any damaged or compromised areas on your Windows computer system, you can try repairing them by employing a fixing tool such as FortectIntego

KENS@TUTA.IO ransomware is a virtual parasite that can be downloaded to the computer system through an infectious attachment that comes clipped to a phishing email message. Also, you can receive the malicious payload from a software crack that is downloaded from a pirating network. This mostly happens to users who are not aware of their online safety.

KENS@TUTA.IO ransomware developers target Windows computer systems as this type of operating system is the most commonly used in the world and easier to hack than macOS or Linux. When the malware settles on the PC, it makes significant changes to the Windows Registry, Task Manager, and other directories.

Some ransomware viruses can end up messing with the computer boot options and system settings. Also, these threats can disable Firewalls and other security software to stay persistent on the infected Windows computer and avoid detection. Beware that KENS@TUTA.IO ransomware might be capable of these activities too.

KENS@TUTA.IO ransomware can also run specific PowerShell commands to delete the Shadow Volume Copies[1] of the encrypted documents. This way the authors of the malware seek to harden the decryption process for the victims. Besides, they also write threatenings in the ransom message to keep users away from other file recovery options:

Your files are encrypted!
Your personal ID

Your important documents, databases, programs, saving games, documents, network folders are encrypted for your network security problems.
No data from your computer was not stolen or removed.
To restore your files, follow the instructions.
How to get the automatic decryptor:
1) Create a Wallet and buy Bitcoins
Create Bitcoin Wallet of these sites:
Buy BTC on one of these sites:
2) Contact us by email : KENS@TUTA.IO. and KENS@DR.COM In the letter include your personal ID (look at the beginning of this document)

3) After answering your inquiry, our operator will give you further instructions, which will be shown what to do next (the answer you get as soon as possible)

* To be sure in getting the decryption you can send 1-2 encrypted files to KENS@TUTA.IO In the letter include your personal ID (look at the beginning of this document).

** Write here on the mail for a faster response KENS@TUTA.IO

Do not attempt to remove the program or run the anti-virus tools.
Attempts to self-decrypting files will result in the loss of your data.
Decoders are not compatible with other users of your data, because each user's unique encryption key.
We are not liars or cheaters. You pay – we help.

The demanded ransom price is not mentioned and will supposedly be provided when the victims aim to connect hackers via email. However, KENS@TUTA.IO ransomware creators urge for a Bitcoin ransom price as digital currency transfers help cyber crooks to stay anonymous and avoid their transactions getting cost. However, this also decreases the victims' chances of receiving their lost money almost to zero.

KENS@TUTA.IO ransomware can also initiate remote malware installations. Ransomware viruses[2] can bring others of its kind or can include trojans, spyware to the computer system. This way the users can receive important file losses, get their data and money stolen, experience permanent system or software corruption.

KENS@TUTA.IO ransomware removal is the only way to diminish the chances of getting infected with additional malware. Also, you will not be able to recover your files if you do not get rid of the ransomware. Note that it is very important to terminate all malicious components from the computer system, otherwise, the infection can automatically return within the next computer boot process.

You can remove KENS@TUTA.IO ransomware from your Windows PC with the help of a reliable antivirus product that is capable of detecting the malware and dealing with it. Also, if you have discovered any system compromisation that happened during the malware attack, you can try repairing the altered areas by employing a tool such as FortectIntego.

KENS@TUTA.IO ransomware virusKENS@TUTA.IO ransomware is a malware form that belongs to the GlobeImposter ransomware family

Paying the ransom vs. trying third-party tools

Crooks who distribute ransomware viruses want to receive their payments as soon as possible and their only goal is money. Sometimes these people might make it look like they care about what is going to happen with the victim's files but they truly do not. By paying the demanded ransom price for KENS@TUTA.IO ransomware developers or any other hackers, you risk not receiving the decryption tool at all or getting a fake one.

Criminals are likely to scare people by claiming that if they try to touch their files, they will be permanently damaged, etc. Also, crooks discourage using third-party software as it is also claimed to cause severe destruction. However, this is not true and alternative software is not going to destroy your files. If you choose the right tool, it might truly be helpful and allow you to restore at least some of your locked files and documents.

Since there is no official decryption tool released for files that have been locked by KENS@TUTA.IO ransomware, we also recommend employing third-party tools that might help you to recover at least some of your files. Note that this is definitely better than letting crooks to benefit from you and tricking you. You can find three different tools provided at the end of this article. Go through all of the suggestions and try out the most suitable ones.

KENS@TUTA.IO ransomwareKENS@TUTA.IO ransomware - a dangerous computer virus that locks up files and demands a ransom for the decryption key

File-encrypting malware and phishing emails are closely related

Cybersecurity experts from LosVirus[3] urge people to be careful of spam letters and various received email that you were not expecting lately. Crooks often misuse the user's naivety and credulity and aim to drop legitimate-looking messages to random people's email boxes. You might receive an email from some type of shipping, healthcare, or banking organization. However, you should not rush to believe in it if it was very unexpected.

First, check the sender and if the letter is coming from some type of rogue person – delete it immediately. Also, search the entire text for grammar mistakes as official companies would not leave any in their email messages. However, you can even try contacting the company that has emailed you via mobile phone, this way you will be sure if the message is official or not. Most importantly, do not open any attached files without scanning them with antimalware software first.

Ransomware infections can also get delivered through software cracks, for example, key generators that are posted on peer-to-peer websites such as The Pirate Bay. These types of networks do not offer anything legitimate and many hackers often find ways how to misuse them for their own illegal purposes.

Installing reliable antimalware protection is also a step that should be taken by every computer user as automatic security ensures a higher level of safety that cannot be achieved only by the user himself. Also, do not forget to regularly update your antivirus/antimalware tool as outdated software might also be the target of crooks.

Advanced removal possibilities for KENS@TUTA.IO ransomware

If you have been attacked by KENS@TUTA.IO ransomware, you should complete its removal process as soon as possible before it causes any additional malware infiltration. Also, you will not be able to restore your files if you do not get rid of the parasite first.

For KENS@TUTA.IO ransomware removal, employ reliable antivirus tools that would be capable of deleting such complex malware from your Windows computer. Also, if the ransomware virus has been blocking your antimalware product lately, you can try diminishing such unexpected changes with the help of Safe Mode with Networking. The instructions on how to perform this method are added to the end of this article.

When you remove KENS@TUTA.IO ransomware from the PC and are sure that no malicious entries are left, you can start searching for possible system damage. Tools such as SpyHunter 5Combo Cleaner and Malwarebytes should help you find all of the altered objects. If the scan results show any infected areas, you can try repairing them with another program such as FortectIntego.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of KENS@TUTA.IO virus. Follow these steps

Manual removal using Safe Mode

To diminish malicious changes and deactivate the ransomware virus on your Windows computer, you should reboot the machine in Safe Mode with Networking as shown in the below-provided guidelines:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove KENS@TUTA.IO using System Restore

To deactivate the parasite and all of the malicious settings that it has included on the Windows machine, use the System Restore feature. If you do not know how to activate this type of function, look at the following instructions.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of KENS@TUTA.IO. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that KENS@TUTA.IO removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove KENS@TUTA.IO from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

Locked files can cause a lot of stress and the users might rush to pay the demanded price to the crooks. However, this is not a really good option as there is a lot of risk of getting scammed. Rather than taking such chances and probably losing your money for nothing, try some of the following data recovery methods.

If your files are encrypted by KENS@TUTA.IO, you can use several methods to restore them:

Employ Data Recovery Pro for file restoring tasks

If the ransomware virus has encrypted your files, you can try recovering some of them by using this piece of software. Carry out all steps exactly as required to reach the best results possible.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by KENS@TUTA.IO ransomware;
  • Restore them.

Use Window Previous Versions feature to recover some data

If you have enabled the System Restore function in the past, applying this method might bring you very good results and help you to restore at least some of your files and folders.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Chose Shadow Explorer for data recovery

Try restoring at least some files and documents with the help of this software. However, note that the product might not work if the ransomware virus has permanently erased or destroyed the Shadow Volume Copies of encrypted data.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, cybersecurity experts are still working on the official decryptor.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from KENS@TUTA.IO and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Jake Doevan
Jake Doevan - Computer technology expert

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions