Unikey Ransomware Description
The Unikey Ransomware is a ransomware Trojan based on the infamous HiddenTear open source ransomware platform. This ransomware engine, released in August of 2015 publicly, has allowed con artists to create ransomware variants with relative ease and at a low cost, resulting in countless HiddenTear variants such as the Unikey Ransomware being released to the public. The Unikey Ransomware includes various changes to the way it works and avoids detection, which makes it a sophisticated HiddenTear variant particularly, although its encryption method and basic components are still identical to HiddenTear. The most ordinary method that is being used to deliver the Unikey Ransomware to victims at this time is the use of spam email messages with the subject line 'important notice' that appear to be sent by social media companies (increasing the likelihood that victims of the attack will open the file attachment contained in one of these emails).
How the Unikey Ransomware Carries out Its Attack
The email messages being used to deliver the Unikey Ransomware to victims may include a Microsoft Word file as an attachment. This file, generally a DOCX file, will include a corrupted script or macro that will connect to a remote server and download the Unikey Ransomware onto the victim's computer. This will often bring a User Account Control prompt on the infected computer, which will require that the victim agrees to let the file be downloaded. As soon as the Unikey Ransomware enters the victim's computer, it will start scanning all removable memory devices and local hard drives, as well as directories shared on a network and other storage associated with the infected computer.
Unlocking the Way the Unikey Ransomware Attacks a Computer
The Unikey Ransomware will create a list of all the files that will be affected by the Unikey Ransomware. The Unikey Ransomware will use an AES 256 encryption algorithm to encrypt these files, making them inaccessible. The Unikey Ransomware also will delete the Shadow Volume Copies of all affected files and other possible recovery methods that could be used to regain access to the affected files. The Unikey Ransomware will mark all affected files by adding the file extension '.locked' to their files' names. After encrypting the victim's files, the Unikey Ransomware will display a ransom note. This ransom note is contained in a text file named 'READ_IT.txt' dropped on the infected computer. This file contains a text message that had been observed in a previous variant of HiddenTear that was observed in 2015. The following is the text of the Unikey Ransomware's ransom note:
'Files has been encrypted with hidden tear
Send me some bitcoins or kebab
And I also hate night clubs, desserts, being drunk.'
Dealing with the Unikey Ransomware Infection
Two variants of the Unikey Ransomware, GurxEr and the EyLamo Ransomware, were observed in the months leading up the July 2017. It is likely that the same group of people released the Unikey Ransomware and these others. However, it is important to understand that HiddenTear variants are extremely widespread due to the public nature of its release. Unfortunately, once the Unikey Ransomware encrypts the victim's files, the affected files will become unrecoverable. Because of this, it is important to take preventive measures to ensure that your data is protected against threats like the Unikey Ransomware. The best protection against the Unikey Ransomware and all other ransomware Trojans is to keep file backups on an independent memory device or the cloud. When computer users have the possibility of recovering all of the infected files from a backup copy, then the people responsible for attacks like the Unikey Ransomware lose any power they have over the victim, which would enable them to make ransom demands. Apart from file backups, PC security analysts also advise computer users to use a reliable security program and ensure that all spam email messages and unsolicited attachments are handled appropriately.
File System Details
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.