Cdtt ransomware is file-encrypting malware from the Djvu ransomware family. It’s a very dangerous piece of malicious software because it encrypts personal files. Once files have been encrypted, their recovery is not always possible. This ransomware can be identified by the .cdtt extension it adds to encrypted files.



As soon as the ransomware is initiated, it will start encrypting files immediately. It mainly targets personal files, including photos, videos, documents, etc. You will know immediately which files have been affected because they will have the .cdtt file extension added to them. You will also not be able to open them.

When all files have been encrypted, Cdtt ransomware will drop a _readme.txt ransom note in all folders that have encrypted files. The note explains that the files have been encrypted and that you will not be able to recover them without a decryptor. Unfortunately, that is partially correct. To decrypt the files, you need a decryptor. The operators of this ransomware offer you the decryptor for $980. The note also mentions a 50% discount for victims who contact them within the first 72 hours.

We strongly discourage you from paying the ransom for several reasons. First of all, there are no guarantees that you will receive a decryptor after paying. Keep in mind that you are dealing with cyber criminals, and there is nothing to force them to keep their end of the deal. Many victims in the past did not receive their decryptors despite paying the ransom. Furthermore, your money would be used for future malicious activities. As long as users pay the ransom, ransomware will continue to be prevalent.

If you made a backup of your files before their encryption, you should be able to recover your files without any issues. However, you need to first remove Cdtt ransomware from your computer using anti-malware software. Only when ransomware is no longer present can you access your backup and start recovering your files.

If you do not have a backup of your files, your only option may be to wait for a free Cdtt ransomware decryptor to be released. To help victims recover their files, malware researchers are sometimes able to develop free decryptors. However, it’s not always possible. There is a free Djvu/STOP ransomware decryptor by Emsisoft but it does not work on more recent Djvu versions like Cdtt ransomware. In this case, a free Cdtt ransomware decryptor is only possible if the malware operators release the online keys that were used to encrypt data. Until then, a decryptor is highly unlikely.

It’s also worth mentioning that if you were to search for a free Cdtt ransomware decryptor, you may encounter many fake ones. If you cannot find a decryptor on a site like NoMoreRansom, it likely does not exist. Downloading the wrong decryptor could lead to additional malware infections.

How did Cdtt ransomware infect your computer?

If you have poor browsing habits, you’re significantly more likely to encounter malware. This is especially the case if you download copyrighted content via torrents, open unfamiliar email attachments, click on random links, interact with ads, etc. If you want to decrease the risk of encountering malware, familiarize yourself with how malware spreads and develop better browsing habits.

One of the most common ways malware enters users’ computers is via email attachments. Users receive an email that looks like it’s sent by a known company/organization, and when they open its attachment, the malware concealed inside it can initiate and start its malicious processes. These kinds of emails are usually made to appear like they were sent by legitimate companies, known company names are also used to make the recipient lower their guard. However, because the emails target hundreds if not thousands of users at once, they’re very generic and, thus easy to identify.

In many generic malicious emails, one of the most recognizable signs is grammar/spelling mistakes. If you notice very obvious mistakes in what’s supposed to be a professional email, it’s likely a sign that the email is either spam or it’s malicious. Another sign is the email addressing you as “User”, “Member”, “Customer”, etc. when the sender should know your name. Malicious senders can claim to be from legitimate companies whose services you use but they do not have access to your personal information, so they’re forced to use generic words to address you. When a company whose services you use emails you, they will always address you by name because it makes the email feel more personal.

It’s worth mentioning that when the targets are specific users and the malicious actors have certain information, malicious email can be much more sophisticated. Thus, as a precaution, it’s always recommended to scan unsolicited email attachments with anti-virus software or VirusTotal.

Malware is also often distributed via torrents, specifically through torrents for entertainment content (movies, TV series, video games, etc.). Torrent sites are usually poorly regulated, which allows malicious actors to upload torrents with malware in them. If you use torrents to download copyrighted content, you’re not only essentially stealing content but also putting your computer and data in danger.

Cdtt ransomware removal

It is a very complex malware infection, which is why you should not try to remove Cdtt ransomware manually. Unless you know exactly what to do, you could end up causing additional damage to your computer. Using a good anti-malware program is recommended.

Once you delete Cdtt ransomware with anti-malware, you can access your backup and start recovering your files. Keep in mind that if ransomware is still present when you connect to your backup, your backed-up files will become encrypted as well.

If you do not have a backup, your only option is to wait for a free Cdtt ransomware decryptor to become available. However, as we mentioned already, whether it will be released is not certain. If it does become available, it will appear on NoMoreRansom.

Cdtt ransomware is detected as:

  • Win32:TrojanX-gen [Trj] by AVG/Avast
  • Trojan.GenericKD.71169959 by BitDefender
  • HEUR:Trojan-Ransom.Win32.Stop.gen by Kaspersky
  • Trojan:Win32/StealC.CCGL!MTB by Microsoft
  • A Variant Of Win32/Kryptik.HVYE by ESET
  • Trojan.MalPack.GS by Malwarebytes
  • Trojan.Win32.PRIVATELOADER.YXEAKZ by TrendMicro


More information about SpyWarrior and Uninstall Instructions. Please review SpyWarrior EULA and Privacy Policy. SpyWarrior scanner is free. If it detects a malware, purchase its full version to remove it.

  • WiperSoft Review Details WiperSoft ( is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply