The Dook virus falls under the Dharma ransomware family. Malware of this type encrypts all the data on your PC (photos, documents, spreadsheets, music, videos, etc.), appends its own extension to every file, and leaves a README!.txt file in each directory that contains encrypted files.
What is known about the Dook virus?
☝️ Dook is a Dharma family ransomware-type virus.
The renaming pattern is: id-xxxx.[contact-email].DOOK. As part of the encryption, a file called, for instance, “report.docx” will be turned into “report.docx.id-9ECFA84E.[[email protected]].DOOK”.
In each folder containing the encoded files, a README!.txt text document is created. This is the ransom note. It tells the victim how to contact the extortionists and adds a few other remarks; usually it describes how to buy the decryption tool from them, which, according to the note, you can obtain after contacting [email protected] by email.
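As an added example (not code from the original article), here is a small Python triage helper that parses the rename pattern above and summarises a file listing: it pulls the victim ID and contact address out of each renamed file and flags directories that hold renamed files but no README!.txt. The sample listing is constructed and the contact address is a placeholder; the victim ID is the one quoted above.

```python
import re
from pathlib import PurePath

# Dharma/Dook rename pattern described in the article:
#   <original name>.id-<8 hex chars>.[<contact email>].DOOK
DOOK_NAME_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]]+)\]\.DOOK$"
)
RANSOM_NOTE = "README!.txt"

def parse_dook_name(name):
    """Return (original_name, victim_id, contact) for a Dook-renamed file, else None."""
    m = DOOK_NAME_RE.match(name)
    if not m:
        return None
    return m.group("original"), m.group("victim_id").upper(), m.group("contact")

def triage_listing(paths):
    """Summarise a file listing: renamed-file count, victim IDs, contacts,
    directories holding a ransom note, and directories with renamed files
    but no note (worth a closer look during triage)."""
    encrypted = []  # (directory, original_name, victim_id, contact)
    note_dirs = set()
    for p in paths:
        pp = PurePath(p)
        if pp.name == RANSOM_NOTE:
            note_dirs.add(str(pp.parent))
            continue
        parsed = parse_dook_name(pp.name)
        if parsed:
            encrypted.append((str(pp.parent),) + parsed)
    return {
        "encrypted_count": len(encrypted),
        "victim_ids": sorted({e[2] for e in encrypted}),
        "contacts": sorted({e[3] for e in encrypted}),
        "note_dirs": sorted(note_dirs),
        "dirs_without_note": sorted({e[0] for e in encrypted} - note_dirs),
    }

# Constructed sample listing, not from a real infection; the contact address
# is a placeholder and the victim ID is the one quoted in the article.
SAMPLE_PATHS = [
    "C:/Users/alice/Documents/report.docx.id-9ECFA84E.[contact@example.invalid].DOOK",
    "C:/Users/alice/Documents/README!.txt",
    "C:/Users/alice/Pictures/holiday.jpg.id-9ECFA84E.[contact@example.invalid].DOOK",
    "C:/Users/alice/Pictures/notes.txt",
]
```

Feed it the output of a directory walk (e.g. `str(p) for p in Path(root).rglob("*")`) to get the same summary for a real share.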
Dook Summary:
| Field | Value |
| --- | --- |
| Name | Dook Virus |
| Ransomware family | Dharma ransomware |
| Extension | .DOOK |
| Ransomware note | README!.txt |
| Contact | [email protected] |
| Detection | TrojanDropper.Sofacy, Ransom:Win32/WannaCrypt!pz, Ransom:MSIL/HiddenTear.RDA!MTB |
| Symptoms | Your files (photos, videos, documents) have a .DOOK extension and you can’t open them. |
| Fix Tool | See If Your System Has Been Affected by Dook virus |
The README!.txt file accompanying the Dook ransomware provides the following discouraging information:
Your data has been stolen and encrypted! email us [email protected] or [email protected]
In the screenshot below, you can see what a directory with files encrypted by Dook looks like. Each filename has the “.DOOK” extension appended to it.
How did my machine catch Dook ransomware?
There are many possible ways for ransomware to get in.
Today, the three most common ways for criminals to plant ransomware in your digital environment are email spam, Trojan injection and peer-to-peer file transfer.
- If you open your inbox and see emails that look just like notifications from utility providers, postal agencies like FedEx, Internet providers and the like, but whose sender is unknown to you, be wary of opening them. They are very likely to carry a malicious attachment, so downloading any attachment that comes with such a message is riskier still.
- Another option for ransom hunters is the Trojan horse model. A Trojan is a program that gets onto your machine disguised as something else. For example, you download an installer for a program you need, or an update for one you already have, but what unpacks turns out to be a malicious agent that corrupts your data. Since the update wizard can carry any name and any icon, make sure you can trust the source of what you are downloading; the safest choice is the software vendor’s official website.
- As for peer-to-peer networks like torrents or eMule, the danger is that they rely on trust even more than the rest of the Web: you never know what you have downloaded until you have it. So stick to trustworthy sources, and scan the directory containing the downloaded items with your antivirus as soon as the download completes.
How do I get rid of ransomware?
It is crucial to note that besides encrypting your files, the Dook virus will most likely deploy Vidar Stealer on your computer to gain access to credentials for various accounts (including cryptocurrency wallets). That spyware can extract your logins and passwords from your browser’s autofill data.
How do I avoid ransomware attack?
Dook ransomware has no superpowers, and neither does any similar malware.
You can defend your PC from a ransomware infection in a few easy steps:
- Never open messages from unknown mailboxes with strange addresses, or whose content has nothing to do with anything you are expecting (how can you win a prize draw you never entered?). If the subject line is plausibly something you are waiting for, scrutinize every element of the dubious email carefully. A hoax email will surely have a mistake.
- Do not use cracked or unknown software. Trojans are often distributed as part of cracked products, most often as a “patch” that bypasses the license check. Admittedly, untrusted programs are hard to distinguish from trustworthy ones, since a Trojan may also offer the functionality you are after. You can look for information about the program on anti-malware forums, but the best solution is not to use such software at all.
Frequently Asked Questions
🤔 Can I somehow access “.DOOK” files?
Unfortunately, no. The “.DOOK” files must be decrypted first; only then will you be able to open them.
🤔 The encrypted files are very important to me. How can I decrypt them quickly?
It is good if you have far-sightedly saved copies of these important files elsewhere. If not, there is still System Restore, but it requires a Restore Point to have been saved beforehand. The other methods require patience.
🤔 What should I do if the Dook malware has blocked my PC and I can’t get the activation code?
🤔 What could help the situation right now?
Some of the locked data may be available elsewhere:
- If you sent or received your critical files via email, you can still download them from your mail server.
- You might have shared images or videos with friends or relatives; just ask them to send those files back to you.
- If you originally got any of your files from the Web, you can try to download them again.
- Your messengers, social network pages and cloud drives might hold those files as well.
- You may still have the files you need on an old PC, a laptop, a phone, a flash drive, etc.
USEFUL TIP: You can use data recovery programs to retrieve your lost information, since ransomware encrypts copies of your files and deletes the originals. In the video below, you can learn how to use PhotoRec for such a recovery, but be advised: you won’t be able to do it until you have eradicated the virus with an antivirus program.