BUYUNLOCKCODE

By CagedTech in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: January 6, 2015
OS(es) Affected: Windows

BUYUNLOCKCODE is a ransomware Trojan that encrypts the victim's files and then demands a payment to decrypt them. There is currently no standard payment amount, because BUYUNLOCKCODE forces computer users to contact its creators via email to receive payment instructions. The ransom amount may differ depending on the victim. For example, an individual may be required to pay $500 USD, while the fee for an affected corporate victim may be several thousand dollars. Several disposable email addresses have been associated with BUYUNLOCKCODE, including Sin.Jun@tom.com, nick.jameson@expressmail.dk and ChiuKhan@tom.com, as well as many more.

How BUYUNLOCKCODE Attacks a Computer User

BUYUNLOCKCODE takes its name from the file it leaves behind: after infecting the victim's computer, it encrypts the files on the affected hard drive (which may include documents, pictures, videos and similar types of files) and then creates a file named BUYUNLOCKCODE.txt on the victim's desktop. This ransomware Trojan also replaces the victim's desktop wallpaper with BUYUNLOCKCODE's instructions on receiving a decryption utility. This image takes the form of a black background with the BUYUNLOCKCODE text. BUYUNLOCKCODE uses the RSA-1024 encryption algorithm, which requires a unique code for decryption. BUYUNLOCKCODE does not delete Shadow Volume copies, meaning that there may be a way to restore some of the affected files, after removing the BUYUNLOCKCODE Trojan from the affected computer, using utilities like Previous Versions or Shadow Explorer.

The BUYUNLOCKCODE text file has the following text:

'Hi, your ID = XXXXX
All important files were encoded with RSA-1024 encryption algorithm.
There is the only way to restore them - purchase the unique unlock code.
Warning! Any attempt to recovering files without our "Special program" will cause data damage or complete data loss.
As we receive your payment, we will send special program and your unique code to unlock your system.
Guarantee: You can send one of the encrypted file by email and we decode it for free as proof of our abilities.
No sense to contact the police. Your payment must be made to the e-wallet. It's impossible to trace.
Don't waste your and our time.
So, if you are ready to pay for recovering your files, please reply this email Sin.Jun@tom.com
Then we will send payment instructions.'

Dealing with BUYUNLOCKCODE Ransomware

If your files have been encrypted by BUYUNLOCKCODE, PC security researchers strongly advise remaining calm and never paying for the unlock code unless the encrypted files are essential. However, for files that important, computer users should make it a policy to keep offsite backups from which to restore them in the event of a catastrophe. Paying BUYUNLOCKCODE's ransom only allows the creators of BUYUNLOCKCODE to continue carrying out their strategy, affecting numerous other computer users.

Computer users should attempt to use Shadow Volume restoration tools to recover at least some of the files. However, a reliable, fully updated security application should first be used to ensure that no traces of BUYUNLOCKCODE and its associated threats remain on the infected computer. Using these types of tools may help recover some of the encrypted content. Paying the fee BUYUNLOCKCODE asks for does not guarantee that the persons responsible for this attack will allow you to recover your files. The best path in these situations is not to allow them to win. In case of a BUYUNLOCKCODE infection or an attack with a similar threat you should:

  1. Always make sure that all of your important files are backed up on an offsite location, such as a separate machine or on the cloud.
  2. Protect your computer with a fully updated security program and run regular scans of your computer.
  3. Avoid unknown or untrustworthy online content to prevent infection with Trojans and other threats associated with BUYUNLOCKCODE and other file encryptors.

Aliases

11 security vendors flagged this file as malicious.

Anti-Virus Software    Detection
AVG                    Win32/DH{gQwPAxNk}
Ikarus                 Trojan.Win32.Filecoder
McAfee                 Artemis!31D50DE977A0
Antiy-AVL              Trojan[:HEUR]/Win32.AGeneric
Sophos                 Mal/Generic-S
McAfee-GW-Edition      BehavesLike.Win32.SpywareLyndra.fh
DrWeb                  Trojan.Siggen6.27667
Comodo                 TrojWare.Win32.TrojanDownloader.Delf.~TZ
Kaspersky              HEUR:Trojan.Win32.Generic
Avast                  Win32:Malware-gen
Symantec               Trojan.Cryptolocker.E

File System Details

BUYUNLOCKCODE may create the following file(s):
#   File Name            MD5                                 Detections
1.  RIcKP.exe            31d50de977a0c214f0c35ac769c399ad    3
2.  BUYUNLOCKCODE.txt
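
A sweep for the two file indicators in the table above, as an added example (not code from this page or from any vendor named on it). The function names, the marker phrases chosen from the quoted note and the sample tree built by `demo()` are assumptions made for illustration; the hash is matched on content, so a renamed copy of the executable is still reported.

```python
import hashlib
import os
import tempfile

KNOWN_MD5 = {"31d50de977a0c214f0c35ac769c399ad"}  # RIcKP.exe, from the table above
NOTE_NAME = "buyunlockcode.txt"
NOTE_MARKERS = ("rsa-1024", "unique unlock code")  # phrases quoted from the note


def md5_of(path, chunk=1 << 20):  # chunked read keeps memory use flat
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, known_md5=KNOWN_MD5):
    """Return sorted (kind, path) findings for every file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if name.lower() == NOTE_NAME:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(4096).lower()
                    hit = all(m in text for m in NOTE_MARKERS)
                    findings.append(("ransom_note" if hit else "note_name_only", path))
                elif md5_of(path) in known_md5:
                    findings.append(("known_md5", path))  # matches even if renamed
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
    return sorted(findings)


def demo():
    samples = {  # constructed files, not real samples
        os.path.join("Desktop", "BUYUNLOCKCODE.txt"):
            "All important files were encoded with RSA-1024.\nunique unlock code\n",
        os.path.join("Docs", "buyunlockcode.txt"): "my notes about the incident\n",
        os.path.join("Docs", "report.doc"): "clean file\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return [(k, os.path.relpath(p, root)) for k, p in sweep(root)]
```

A `note_name_only` finding is a file with the note's name but none of its text, which is worth a look but is not by itself evidence of infection.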