$ucyLocker Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 1,740 |
| First Seen: | June 9, 2017 |
| Last Seen: | November 2, 2023 |
| OS(es) Affected: | Windows |
The $ucyLocker Ransomware is an encryption ransomware Trojan that is used to make the victims' files unreachable to demand the payment of a ransom from the victim. As with many other ransomware Trojans that use similar tactics, the $ucyLocker Ransomware is delivered using corrupted email attachments, which may take the form of documents with compromised macros and scripts that download and install the $ucyLocker Ransomware onto the victim's computer. These email messages may be disguised to look like messages from popular online retailers and social media platforms such as Facebook and Amazon.
Table of Contents
How the $ucyLocker Ransomware Carries out Its Attack
The $ucyLocker Ransomware is a variant of HiddenTear. This is an open source ransomware platform that was released in 2015 for 'educational purposes.' The con artists have adapted HiddenTear's open source code to create threatening encryption ransomware Trojans since its release. The $ucyLocker Ransomware communicates with its Command and Control servers and relays information about the infected computer, as well as receiving data required to carry out its attack. The $ucyLocker Ransomware infection is typical of these infections. The $ucyLocker Ransomware will search the victim's computer for files with certain file types, which include the following:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The $ucyLocker Ransomware will use a strong encryption method to make the files completely inaccessible. The file extension '.WINDOWS' will be added to the end of each affected file's name. The $ucyLocker Ransomware demands the payment of 0.16 BitCoin, which at the current exchange rate is approximate $450 USD. The $ucyLocker Ransomware displays a ransom message in a text file named 'READ_IT.txt' that is dropped on the infected computer's Desktop. This file contains the following message:
'Your files have been encrypted.
Read the Program for more information
read program for more information.'
The $ucyLocker Ransomware Ransom Note Program
The $ucyLocker Ransomware displays its main ransom message in a program window that includes three different messages with instructions on how to pay the ransom and what occurred to the victim's data. The following are the three messages that are displayed in the $ucyLocker Ransomware's ransom note:
'Your computer is locked. Please do not close this window as that will result in serious computer damage
Click next for more information and payment on how to get your files back.
$usyLocker
'Your Files are locked. They are locked because you downloaded something with this file in it. This is ransomware. It locks your files until you pay for them. Before you ask, Yes we will give you your files back once you pay and our server confirm that you pay.
Next'
'I paid, Now give me back my files
Send 0.16 to the address below
[34 RANDOM CHARACTERS]
bitcoin
ACCEPTED HERE'
Dealing with the $ucyLocker Ransomware
Unfortunately, once the $ucyLocker Ransomware has encrypted the victim's data, it is not possible to recover it without the decryption key. However, the people responsible for the $ucyLocker Ransomware cannot be trusted to deliver it after the ransom is paid and, even if they do, paying these ransoms allows the further development of this and other ransomware Trojans. Instead, take steps to protect your data with the help of a reliable, fully updated anti-malware program and use a backup system to keep copies of your files on an external memory device or the cloud.
