
$ucyLocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1,740
First Seen: June 9, 2017
Last Seen: November 2, 2023
OS(es) Affected: Windows

The $ucyLocker Ransomware is an encryption ransomware Trojan that makes the victim's files inaccessible in order to demand a ransom payment. As with many other ransomware Trojans that use similar tactics, the $ucyLocker Ransomware is delivered through corrupted email attachments, often documents with compromised macros and scripts that download and install the $ucyLocker Ransomware on the victim's computer. These email messages may be disguised to look like messages from popular online retailers and social media platforms such as Facebook and Amazon.

How the $ucyLocker Ransomware Carries out Its Attack

The $ucyLocker Ransomware is a variant of HiddenTear, an open source ransomware platform released in 2015 for 'educational purposes.' Since its release, con artists have adapted HiddenTear's open source code to create threatening encryption ransomware Trojans. The $ucyLocker Ransomware communicates with its Command and Control servers, relaying information about the infected computer and receiving the data it needs to carry out its attack. The $ucyLocker Ransomware infection follows the typical pattern of these attacks: it searches the victim's computer for files with certain file types, which include the following:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The $ucyLocker Ransomware uses a strong encryption method to make the files completely inaccessible and appends the file extension '.WINDOWS' to the end of each affected file's name. The $ucyLocker Ransomware demands a payment of 0.16 Bitcoin, which at the current exchange rate is approximately $450 USD. The $ucyLocker Ransomware displays a ransom message in a text file named 'READ_IT.txt' that is dropped on the infected computer's Desktop. This file contains the following message:

'Your files have been encrypted.
Read the Program for more information
read program for more information.'
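The two artifacts described above, the '.WINDOWS' suffix appended to encrypted files and the READ_IT.txt note on the Desktop, are what an incident responder would look for when triaging a suspect machine. The following is an added example (not code from the article or from the malware) that classifies a file listing against those indicators; the Windows paths and the sample listing are constructed for the demonstration, and only a subset of the article's extension list is included.

```python
from pathlib import PureWindowsPath

# Extensions the article lists as targeted (a subset suffices for this check).
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".jpg", ".jpeg",
    ".png", ".mp3", ".mp4", ".zip", ".rar", ".txt", ".sql", ".py", ".java",
}
ENCRYPTED_SUFFIX = ".WINDOWS"   # marker appended to every encrypted file
NOTE_NAME = "READ_IT.txt"       # ransom note dropped on the Desktop

def classify_path(path):
    """Return ('note', None) for the ransom note, ('encrypted', original_ext)
    for a file carrying the .WINDOWS marker, and (None, None) otherwise."""
    p = PureWindowsPath(path)
    if p.name == NOTE_NAME:
        return ("note", None)
    if p.suffix.upper() == ENCRYPTED_SUFFIX:
        # report.docx.WINDOWS -> stem 'report.docx' -> original extension '.docx'
        return ("encrypted", PureWindowsPath(p.stem).suffix.lower())
    return (None, None)

def triage(paths):
    """Summarise a file listing: how many files carry the marker, how many of
    those had an extension on the targeted list, and whether the note exists."""
    encrypted, notes = [], []
    for path in paths:
        kind, ext = classify_path(path)
        if kind == "note":
            notes.append(path)
        elif kind == "encrypted":
            encrypted.append((path, ext))
    targeted = [p for p, ext in encrypted if ext in TARGETED_EXTENSIONS]
    return {
        "encrypted_files": len(encrypted),
        "targeted_type_matches": len(targeted),
        "note_found": bool(notes),
        "likely_sucylocker": bool(notes) and bool(targeted),  # both indicators
    }

# Constructed sample listing for demonstration (not from a real infection).
SAMPLE_PATHS = [
    r"C:\Users\alice\Desktop\READ_IT.txt",
    r"C:\Users\alice\Documents\report.docx.WINDOWS",
    r"C:\Users\alice\Pictures\holiday.jpg.WINDOWS",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS))
```

Run against a real directory walk, the same checks give a quick count of affected files and point to the original extensions, which is also what you need when deciding which backups to restore.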

The $ucyLocker Ransomware Ransom Note Program

The $ucyLocker Ransomware displays its main ransom message in a program window that includes three different messages with instructions on how to pay the ransom and what occurred to the victim's data. The following are the three messages that are displayed in the $ucyLocker Ransomware's ransom note:

'Your computer is locked. Please do not close this window as that will result in serious computer damage
Click next for more information and payment on how to get your files back.

'Your Files are locked. They are locked because you downloaded something with this file in it. This is ransomware. It locks your files until you pay for them. Before you ask, Yes we will give you your files back once you pay and our server confirm that you pay.

'I paid, Now give me back my files
Send 0.16 to the address below

Dealing with the $ucyLocker Ransomware

Unfortunately, once the $ucyLocker Ransomware has encrypted the victim's data, it is not possible to recover it without the decryption key. However, the people responsible for the $ucyLocker Ransomware cannot be trusted to deliver it after the ransom is paid and, even if they do, paying these ransoms allows the further development of this and other ransomware Trojans. Instead, take steps to protect your data with the help of a reliable, fully updated anti-malware program and use a backup system to keep copies of your files on an external memory device or the cloud.
