
Ukash Paysafecard Virus Ransomware

By ESGI Advisor in Ransomware

The term 'Ukash Paysafecard Virus' is often used to refer to a very large family of ransomware Trojans that demand a ransom from computer users via Ukash or PaySafeCard, two money transfer services that are typically used in European countries. These services provide their customers with identification numbers or codes that can then be used to pay for online transactions. Unfortunately, the names of these services, Ukash in particular, have been tarnished because criminals frequently use them in their malware scams. The many variants of the Ukash Paysafecard Virus in particular are responsible for this regrettable association. ESG security researchers point out that the Ukash Paysafecard Virus has absolutely no relationship with the actual organizations responsible for these money transfer services and is a criminal operation independent of them. In fact, North American variants of the Ukash Paysafecard Virus use MoneyPak for payment, since Ukash and PaySafeCard do not operate on the same level in the United States and Canada.

The Modus Operandi of Malware from the Ukash Paysafecard Virus Family

Most ransomware Trojans in the Ukash Paysafecard Virus family of malware are Winlockers, that is, malware infections designed to lock victims out of their computers. The Ukash Paysafecard Virus prevents the victim from accessing information stored on the infected computer, blocking access to the victim's files, applications, desktop, and Windows services and components. When the victim tries to use the infected computer, a full-screen message is displayed demanding that the victim pay a ransom using Ukash or PaySafeCard. These messages vary from one Ukash Paysafecard Virus variant to another. The most common of these ransomware messages impersonates the police and claims that the infected computer was involved in criminal activities. However, there are other variants that pretend to be legitimate Windows messages or messages from other kinds of organizations.

Since the Ukash Paysafecard Virus attack blocks access to the infected computer, most computer users will have difficulty accessing their security software in order to remove a Ukash Paysafecard Virus infection. Fortunately, starting up Windows in Safe Mode can bypass the Ukash Paysafecard Virus ransomware message. Although some variants of the Ukash Paysafecard Virus can prevent the victim from using Safe Mode, Windows also allows computer users to gain access to the Command Prompt directly from Safe Mode, which gives direct access to the Windows Registry Editor, Windows Explorer and the security software installed on the infected computer.
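
Once a Command Prompt is available in Safe Mode, the registry review mentioned above can be scripted with PowerShell. The script below is an added example, not ESG's or the page's own tooling, and it only reads the registry. The page does not say which startup locations a given variant changes, so the Winlogon and Run/RunOnce keys used here are an assumption based on the standard Windows logon autostart points.

```powershell
# Added example (read-only): list logon autostart entries for manual review.
# Assumption: the keys below are the standard Windows logon autostart points;
# the page does not state which of them a particular variant modifies.
function Get-LogonAutostartReport {
    $winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $defaults = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
    }
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $props = Get-ItemProperty -Path "$hive\$winlogon" -ErrorAction SilentlyContinue
        foreach ($name in $defaults.Keys) {
            $value = $props.$name
            if ($hive -eq 'HKLM:') {
                # Machine-wide values should match the Windows defaults.
                $note = if ($value -eq $defaults[$name]) { 'default' }
                        else { 'REVIEW: differs from Windows default' }
            } elseif ($null -ne $value) {
                # Per-user Shell/Userinit values are normally absent.
                $note = 'REVIEW: per-user override, normally absent'
            } else { continue }
            New-Object PSObject -Property @{
                Key = "$hive\$winlogon"; Name = $name; Value = $value; Note = $note }
        }
    }

    $cv = 'Software\Microsoft\Windows\CurrentVersion'
    foreach ($path in "HKLM:\$cv\Run", "HKLM:\$cv\RunOnce",
                      "HKCU:\$cv\Run", "HKCU:\$cv\RunOnce") {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            # Heuristic only: legitimate software also starts from these folders.
            $pattern = '\\AppData\\|\\Application Data\\|\\Temp\\|\\ProgramData\\'
            $note = if ($cmd -match $pattern) { 'REVIEW: starts from a user-writable folder' }
                    else { 'listed' }
            New-Object PSObject -Property @{
                Key = $path; Name = $name; Value = $cmd; Note = $note }
        }
    }
}

Get-LogonAutostartReport | Select-Object Key, Name, Value, Note | Format-List
```

Entries marked REVIEW are candidates for inspection in the Registry Editor and with the installed security software, not confirmed infections.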

