
UEFI Ransomware

By GoldSparrow in Ransomware

The UEFI Ransomware is an encryption ransomware Trojan. Like most encryption ransomware Trojans, the main purpose of the UEFI Ransomware is to restrict access to the computer user's data. The UEFI Ransomware will then demand a ransom payment to restore that access. Ransomware Trojans like the UEFI Ransomware are among the most common and destructive threats currently active. Because of this, computer users should be aware of their presence and take steps to prevent and, if necessary, deal with these attacks.

Unlike Other Ransomware, the UEFI Ransomware Doesn’t Encrypt the Victim’s Files

PC security researchers first observed attacks involving the UEFI Ransomware in the first week of August 2017. However, some aspects of the UEFI Ransomware differentiate it from most ransomware Trojans that are currently active. While most ransomware Trojans interfere with the victim's files, using a strong encryption algorithm to make them unreadable, the UEFI Ransomware instead interferes with the infected computer's startup process, which makes it similar to some rootkit attacks. The UEFI Ransomware does not encrypt the victim's files. Rather, it modifies the MBR (Master Boot Record) so that it affects the victim's computer as it starts up, before Windows even loads. These modifications allow the UEFI Ransomware to display a ransom note that demands a ransom payment to restore the victim's computer to normality.

How the UEFI Ransomware’s Tactic Works

The UEFI Ransomware is similar to the Radiation Ransomware and the Hell Ransomware, and it is likely that a large portion of these threats' code was recycled for the UEFI Ransomware attack. The most common way in which the UEFI Ransomware is delivered to victims is through spam email messages. The victims receive a spam email message that includes a Microsoft Word file attachment. This attachment contains a malicious macro script that downloads and installs the UEFI Ransomware onto the victim's computer. Once the UEFI Ransomware has been installed, it interferes with the infected computer's startup process and delivers the following message to the victim:

'Your Fles Are Encrypted By the UEFI Ransomware
In Order To Get Your Files back
Please send 350$ worth of Bitcoin to this:
[34 RANDOM CHARACTERS]'

Protecting Your Computer from Ransomware Trojans Like the UEFI Ransomware

Computer users must refrain from paying the UEFI Ransomware ransom, or the ransom amounts demanded by any of the ransomware Trojans that are currently active and being used to attack computer users. There are several reasons why paying these ransoms is not a good idea:

  1. The con artists may ignore the ransom payment, or demand additional payments from the victim without restoring the affected computer.
  2. Victims of these attacks who demonstrate a willingness to pay may be targeted for additional attacks.
  3. Paying the UEFI Ransomware ransom allows its creators to continue creating and distributing these attacks.

Instead of paying the UEFI Ransomware ransom, take preventive measures to ensure that the damage from an infection is limited. The best protection against ransomware Trojans like the UEFI Ransomware is to have a reliable backup system, preferably disk images of your data. This way, computer users can recover from an attack by wiping the affected drives and restoring the data from the file backups. Apart from file backups, however, it is also necessary to take steps that will prevent the UEFI Ransomware from being delivered to your computer in the first place. Since the main way in which the UEFI Ransomware is delivered is through spam email attachments, computer users should learn how to spot and recognize these messages. Use a security program to intercept these attacks.
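Because the UEFI Ransomware changes the MBR rather than the files, a hash of sector 0 recorded while the machine is healthy gives defenders something to compare against later. The following Python is an added example, not part of the original write-up: it hashes the boot code area of a 512-byte sector, compares it with a baseline and flags ransom-note wording. The keyword list (taken from the note quoted above), the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import re

SECTOR_SIZE = 512
BOOT_CODE_END = 446            # bytes 0-445 hold the bootstrap code
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
# Keywords taken from the ransom note quoted in the article (assumed indicator).
NOTE_KEYWORDS = ("bitcoin", "encrypted", "ransom")


def read_first_sector(path):
    """Read sector 0 from a disk image (or a raw device, with admin rights)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def inspect_mbr(sector, baseline_sha256=None):
    """Return (sha256 of boot code, list of findings) for one 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_END]
    digest = hashlib.sha256(boot_code).hexdigest()
    if baseline_sha256 is not None and digest != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    # Standard boot code carries only brief error messages; note text stands out.
    for run in re.findall(rb"[\x20-\x7e]{8,}", boot_code):
        text = run.decode("ascii")
        if any(word in text.lower() for word in NOTE_KEYWORDS):
            findings.append("ransom-style text in boot code: " + repr(text))
    return digest, findings


def build_sample(message):
    """Constructed 512-byte sector: stub opcodes, a message, one partition entry."""
    boot_code = (b"\xfa\x33\xc0" + message).ljust(BOOT_CODE_END, b"\x00")
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + (2048).to_bytes(4, "little") \
        + (204800).to_bytes(4, "little")
    return boot_code + entry.ljust(64, b"\x00") + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample(b"Invalid partition table\x00Missing operating system")
    baseline, _ = inspect_mbr(clean)
    tampered = build_sample(b"Please send 350$ worth of Bitcoin to this:")
    print(inspect_mbr(clean, baseline)[1])     # constructed clean sector
    print(inspect_mbr(tampered, baseline)[1])  # constructed tampered sector
```

Run it against a disk image or from a rescue environment, and keep the baseline hash somewhere other than the disk being checked. On GPT disks sector 0 is a protective MBR, so the same comparison still shows whether that sector has been overwritten.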
