UltraLocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 52
First Seen: December 12, 2016
Last Seen: April 1, 2023
OS(es) Affected: Windows

The UltraLocker Ransomware is a ransomware Trojan that is being used to attack computer users around the world. It works like most other ransomware Trojans: it encrypts the victim's files and then demands that the victim pay a ransom in exchange for the decryption key. Essentially, the UltraLocker Ransomware takes the victim's files hostage. Part of what makes this attack so effective, and these threats so popular, is that even if the UltraLocker Ransomware infection itself is removed, the victim's files remain inaccessible. Unfortunately, modern encryption methods make it nearly impossible to recover files that have been encrypted in these attacks; the same technology that keeps our data safe also allows attackers to lock computer users out of their own data.

The UltraLocker Ransomware Connection with Other Threats

The UltraLocker Ransomware is based on CryptoWire, a well-known ransomware Trojan that has served as the basis for a variety of other ransomware Trojans. Like its predecessor, the UltraLocker Ransomware uses AES-256 encryption to take over the victim's files. It also marks the files it has encrypted with a specific naming scheme: encrypted files are renamed following the pattern '[file_name].locked.[file_extension]'. Once a file has been encrypted by the UltraLocker Ransomware, it is no longer readable by the victim's applications.

How the UltraLocker Ransomware Typically Spreads

The most common way in which the UltraLocker Ransomware is distributed is through documents that carry malicious macros. These macros allow an innocuous-looking PDF or Microsoft Office file to connect to a remote server, then download and execute malicious code on the victim's computer. The documents are typically distributed in spam email messages. The UltraLocker Ransomware is written in the AutoIt programming language. When it carries out its attack, it can encrypt files on all local drives, as well as on external memory devices and drives on the infected computer's network. Computer users who synchronize backups to the cloud may find that their cloud backups have been encrypted as well. The UltraLocker Ransomware targets files smaller than 30 MB in size. It will encrypt files in all folders except for the following locations:

AppData
Program Data
Program Files
Program Files (x86)
Windows
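
The naming pattern and the excluded-folder list above are enough to scope which files on a suspect drive carry the marker. The following Python script is an added example, not code from the original article; the function names and the sample tree are constructed for illustration, and it only reads file names.

```python
import os
import re
import tempfile
from collections import Counter

# Marker described on this page: '[file_name].locked.[file_extension]'
LOCKED_RE = re.compile(r"^(?P<stem>.+)\.locked\.(?P<ext>[^.]+)$", re.IGNORECASE)
# Folders the page says the Trojan skips; a hit inside one deserves a second look.
SKIPPED = {"appdata", "program data", "program files", "program files (x86)", "windows"}


def original_name(filename):
    """Return the pre-encryption name for a marked file, or None if unmarked."""
    m = LOCKED_RE.match(filename)
    return f"{m.group('stem')}.{m.group('ext')}" if m else None


def triage(root):
    """Walk root and list marked files, with per-directory counts."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        parts = {p.lower() for p in os.path.relpath(dirpath, root).split(os.sep)}
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            hits.append({
                "path": os.path.join(dirpath, name),
                "original": orig,
                "in_skipped_folder": bool(parts & SKIPPED),
            })
            per_dir[dirpath] += 1
    return hits, per_dir


def build_sample_tree(root):
    """Constructed sample data: empty files standing in for a user profile."""
    layout = ["Documents/report.locked.docx", "Documents/notes.txt",
              "Documents/backup.tar.locked.gz", "Pictures/door.locked",
              "AppData/cache.locked.db"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for h in triage(tmp)[0]:
            print(h["original"], "<-", h["path"], h["in_skipped_folder"])
```

A name match alone is not proof of encryption, since a legitimate file can contain '.locked.' in its name; treat the output as a list of candidates to compare against backups.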

The UltraLocker Ransomware targets nearly three hundred different types of files but is designed to allow the victim's operating system to continue to operate even after the files have been encrypted. This way, the UltraLocker Ransomware is able to deliver its ransom note, which takes the form of an HTA message that alerts the victim to the attack and demands the payment of a ransom. The following is the ransom note that has been associated with the UltraLocker Ransomware attack:

'All your files have been encrypted contact wambeng.watson@gmail.com for decryption
key after payment to the provided address has been done.
[a panel with a list of encrypted files]
Buy Bitcoins / Decrypt Files / [your decryption key]
The only way you can recover your files is to buy a decryption key by paying to this address: [34 random characters] the sum of money requested
The payment method is Bitcoins. The price is $1000 = Bitcoins'

PC security researchers suspect that the UltraLocker Ransomware is still in its early stages of implementation. Payments have not been made to the Bitcoin address associated with the UltraLocker Ransomware, although a large part of the reason may be the large ransom amount demanded from victims.

Preventing the UltraLocker Ransomware Attacks

The best protection against the UltraLocker Ransomware is to have backups of all files and to update them regularly. It is also important to handle email with caution, being especially careful not to open unsolicited email attachments and embedded links. A reliable security program that is fully up-to-date can also help prevent these attacks.