UltraLocker Ransomware DescriptionType: Trojan
The UltraLocker Ransomware is a ransomware Trojan that is being used to attack computer users around the world. The UltraLocker Ransomware works in a way similar to most other ransomware Trojans, encrypting the victim's files and then demanding that the victim pays a ransom in exchange for the decryption key. Essentially, the UltraLocker Ransomware takes the victim's files hostage in exchange for ransom. Part of what makes the UltraLocker Ransomware attack so effective and these threats so popular is that even if the UltraLocker Ransomware infection itself is removed, the victim's files will remain inaccessible. Unfortunately, modern encryption methods make it nearly impossible to recover the files that have been encrypted in these attacks; the same technology that allows us to keep our data safe, also allows these people to lock computer users out of their own data.
The UltraLocker Ransomware Connection with Other Threats
The UltraLocker Ransomware is based on CryptoWire, a well-known ransomware Trojan that has served as the basis for a variety of other ransomware Trojans. The UltraLocker Ransomware, like its predecessor, uses the AES-256 encryption to take over the victim's files. The UltraLocker Ransomware also uses a specific naming method to mark the files that it has encrypted. The files encrypted by the UltraLocker Ransomware will be renamed following the pattern '[file_name].locked.[file_extension].' Once a file has been encrypted by the UltraLocker Ransomware, it will no longer be readable by the victim's applications.
How the UltraLocker Ransomware Typically Spreads
The most common way in which the UltraLocker Ransomware is being distributed is through files that use corrupted macros. These macros allow an innocuous PDF or Microsoft Office file to connect to a remote server and download and execute corrupted code onto the victim's computer. These corrupted files are typically distributed in spam email messages. The UltraLocker Ransomware is written using the AutoIt programming language. Once the UltraLocker Ransomware carries out its attack, it can encrypt files on all local drives, as well as on external memory devices and drives on the infected computer's network. Computer users using synchronous backup on the cloud also may find that their cloud backups will have been encrypted as well. The UltraLocker Ransomware targets files smaller than 30 MB in size. It will encrypt files in all folders except for the following locations:
Program Files (x86)
The UltraLocker Ransomware targets nearly three hundred different types of files but is designed to allow the victim's operating system to continue to operate even if the files have been encrypted. This way, the UltraLocker Ransomware is able to deliver its ransom note which, in the form of an HTA message, alerts the victim of the attack and demands the payment of a ransom. The following is the ransom note that has been associated with the UltraLocker Ransomware attack:
'All your files have been encrypted contact email@example.com for decryption
key after payment to the provided address has been done.
[a panel with a list of encrypted files]
Buy Bitcoins / Decrypt Files / [your decryption key]
The only way you can recover your files is to buy a decryption key by paying to this address: [34 random characters] the sum of money requested
The payment method is Bitcoins. The price is $1000 = Bitcoins'
PC security researchers suspect that the UltraLocker Ransomware is still in its early stages of implementation. Payments have not been made to the BitCoin address associated with the UltraLocker Ransomware, although a large part of this may be the large ransom amount that these people demand from their victims.
Preventing the UltraLocker Ransomware Attacks
The best protection against the UltraLocker Ransomware is to have backups of all files and update them regularly. It is also important to handle email with caution, being especially careful not to open unsolicited email attachments and embedded links. A reliable security program that is fully up-to-date also can help prevent these attacks.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.