Ultimo Ransomware Description
Type: Ransomware
The Ultimo Ransomware is an encryption ransomware infection that seems to be related to HiddenTear, an open source ransomware platform that was first released in August 2015. There are countless variants of HiddenTear, and the Ultimo Ransomware is just the latest of the ransomware Trojans based on it. The Ultimo Ransomware carries out a typical ransomware infection: it uses a strong encryption algorithm to make the victim's files inaccessible and then demands payment in exchange for the decryption key necessary to recover the affected files.
How the Ultimo Ransomware Trojan Attacks a Computer
The Ultimo Ransomware is one of a large number of ransomware Trojans released in late 2017 and early 2018. Its first versions were released in September 2017, and the latest versions at the time of writing were released in March 2018. The Ultimo Ransomware uses AES encryption to make the victim's files inaccessible. After encrypting the files, it delivers a ransom note to the victim's computer demanding a ransom payment. The full text of the Ultimo Ransomware ransom note reads:
'Oooopppsss Your Files Has Been Encrypted
Your Unique GUID for Decrypt: j43as8fk-29gp-61da-3671-h03c83472r74
SEND ME SOME 0.022 Bitcoin on Adress: 1CCnFhbLT1VSMUqXaSqsYUAwcGU4evkbJo
After Confirming The Payment, ALL YOUR FILES CAN BE DECRYPTED.
If you do not make payment within 48 Hrs, you will lose the ability to decrypt them.
Make your Bitcoin Wallet on: xxxxs://www.coinbase.com/ or xxxx://blockchain.info".
How to buy /sell and send Bitcoin :
After the payment, enter the wallet from which paid, and email, in which contact you. firstname.lastname@example.org",
After receiving the payment, we will contact you.'
PC users should refrain from following the instructions in the Ultimo Ransomware's ransom note. There is no reason to pay the Ultimo Ransomware ransom, since it is very unlikely that the cybercrooks will keep their word and help computer users recover their files. The Ultimo Ransomware will encrypt numerous file types in its attack. The following are some of the file types that are commonly encrypted in ransomware attacks like the Ultimo Ransomware:
.PNG, .PSD, .PSPIMAGE, .TGA, .THM, .TIF, .TIFF, .YUV, .AI, .EPS, .PS, .SVG, .INDD, .PCT, .PDF, .XLR, .XLS, .XLSX, .ACCDB, .DB, .DBF, .MDB, .PDB, .SQL, .APK, .APP, .BAT, .CGI, .COM, .EXE, .GADGET, .JAR, .PIF, .WSF, .DEM, .GAM, .NES, .ROM, .SAV, .DWG, .DXF, .GPX, .KML, .KMZ, .ASP, .ASPX, .CER, .CFM, .CSR, .CSS, .HTM, .HTML, .JS, .JSP, .PHP, .RSS, .XHTML, .DOC, .DOCX, .LOG, .MSG, .ODT, .PAGES, .RTF, .TEX, .TXT, .WPD, .WPS, .CSV, .DAT, .GED, .KEY, .KEYCHAIN, .PPS, .PPT, .PPTX, .INI, .PRF, .HQX, .MIM, .UUE, .7Z, .CBR, .DEB, .GZ, .PKG, .RAR, .RPM, .SITX, .TAR.GZ, .ZIP, .ZIPX, .BIN, .CUE, .DMG, .ISO, .MDF, .TOAST, .VCD, .SDF, .TAR, .TAX2014, .TAX2015, .VCF, .XML, .AIF, .IFF, .M3U, .M4A, .MID, .MP3, .MPA, .WAV, .WMA, .3G2, .3GP, .ASF, .AVI, .FLV, .M4V, .MOV, .MP4, .MPG, .RM, .SRT, .SWF, .VOB, .WMV, .3D, .3DM, .3DS, .MAX, .OBJ, .R.BMP, .DDS, .GIF, .JPG, .CRX, .PLUGIN, .FNT, .FON, .OTF, .TTF, .CAB, .CPL, .CUR, .DESKTHEMEPACK, .DLL, .DMP, .DRV, .ICNS, .ICO, .LNK, .SYS, .CFG.
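The wording of the ransom note quoted above can be used as a triage indicator when checking a machine or a file share for signs of this threat. The following Python sketch is an added example, not code from the original article or from any vendor tool; the size limit, the two-marker threshold and the sample file name are assumptions chosen for illustration.

```python
import os
import re
import tempfile

# Phrases and wallet address copied from the ransom note quoted on this page.
NOTE_MARKERS = [
    "Your Files Has Been Encrypted",
    "Your Unique GUID for Decrypt",
    "1CCnFhbLT1VSMUqXaSqsYUAwcGU4evkbJo",
    "you will lose the ability to decrypt them",
]
MAX_NOTE_BYTES = 64 * 1024  # assumption: notes are small text files
MIN_MARKERS = 2             # assumption: two distinct markers = likely note

def note_markers_in(text):
    """Return the markers present in text, ignoring case and line wrapping."""
    flat = re.sub(r"\s+", " ", text).lower()
    return [m for m in NOTE_MARKERS if m.lower() in flat]

def read_text(path):
    """Decode a small file; honour a UTF-16 BOM, otherwise treat as UTF-8."""
    with open(path, "rb") as fh:
        raw = fh.read(MAX_NOTE_BYTES)
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")

def find_ransom_notes(root):
    """Walk root; return {path: markers} for files with >= MIN_MARKERS hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                found = note_markers_in(read_text(path))
            except OSError:
                continue  # unreadable or vanished file: keep scanning
            if len(found) >= MIN_MARKERS:
                hits[path] = found
    return hits

if __name__ == "__main__":
    # Constructed sample: a scratch folder holding two lines of the note.
    # The file name READ_ME.txt is made up; the page does not name the note.
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "READ_ME.txt"), "w", encoding="utf-16") as fh:
            fh.write("Oooopppsss Your Files Has Been Encrypted\nYour Unique GUID for Decrypt: <guid>\n")
        for path, found in find_ransom_notes(tmp).items():
            print(path, found)
```

Requiring two distinct markers keeps a document that merely mentions one phrase of the note from being flagged as a ransom note.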
Protecting Your Data from Threats Like the Ultimo Ransomware
The best protection against the Ultimo Ransomware is to have reliable backup copies on cloud storage or an external device. Having file backups helps computer users recover from these attacks immediately, removing any leverage the con artists may have over the victims of the attack. Apart from having file backups, PC security researchers advise computer users to install a security application that is fully up-to-date to prevent ransomware Trojans like the Ultimo Ransomware from being installed on their computers. Since these threats may be delivered using spam email attachments, it is also necessary to take steps to protect your machine from these unsafe components. Learning to handle email attachments safely is especially crucial in preventing these attacks.