Threat Database Ransomware ULocker Ransomware

ULocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: October 3, 2012
Last Seen: January 21, 2022
OS(es) Affected: Windows

ScreenshotUlocker is a family of ransomware Trojans that use fake messages from the police in order to scare inexperienced computer users into paying substantial fees. It is easy to differentiate malware in the Ulocker family from other ransomware Trojans because they use a characteristic image that includes a background that includes a large picture of a padlock. ESG security researchers strongly advise computer users to disregard the Ulocker message and to remove this threat from their computer. It is important to remember that ransomware Trojans in the Ulocker family have absolutely no connection with the police and are instead part of a well known online scam that criminals use to prey on inexperienced computer users.

Malware in the Ulocker Family Adapts to the Infected Computer's Geographical Location

ESG security researchers have observed that the Ulocker installation process is affected by the infected computer's geographical location. This has allowed the criminals behind the Ulocker infection to adapt their ransomware attack to computers in different countries, displaying threatening messages from the police in each country's language and referring to that country's main police force. This is done during installation. When the Ulocker Trojan is installed, Ulocker detects the victim's computer's geographical location by analyzing the gate and IP data. Once this is done, Ulocker connects to a remote server and downloads text corresponding to the country code gleaned from the data. This text is superimposed on Ulocker's characteristic picture of a padlock. There are numerous variants of the Ulocker family of ransomware Trojans, corresponding mostly to the largest countries in the European Union.

Ulocker uses a scam that is well known and not difficult to understand. Basically, Ulocker threatens computer users by claiming that their computers were involved in illegal activities such as distributing child pornography. Although the Ulocker message threatens the victim with jail time, Ulocker allegedly is part of a law enforcement operation that claims that the victim must pay a substantial fine if they wish to avoid prosecution. This ransom is typically paid using a money transfer service. Common money transfer services that criminals use to demand payment include MoneyPak (mostly for North America), PaySafeCard, and Ukash. This last money transfer service, in particular, is so widely used by many ransomware Trojans that these kinds of malware infections are often referred to as 'Ukash Virus' or 'Ukash Ransomware.'

Trending

Most Viewed

Loading...