
Unlock26 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: February 24, 2017
Last Seen: January 8, 2020
OS(es) Affected: Windows

The Unlock26 Ransomware is an encryption ransomware Trojan that is used to harm computer users, forcing them to pay large amounts of money to recover their files after they are taken hostage by this threat. The Unlock26 Ransomware was released towards the end of February 2017 and seems to be distributed through the use of corrupted spam email attachments. These corrupted email messages attempt to trick computer users into believing that the email comes from a trusted source. The Unlock26 Ransomware receives its name from a string contained in the portal used for payment: unlock26ozqwoyfv[.]hiddenservice[.]net/?signature=[UNIQUE IDENTIFIER]. This payment portal is located on TOR, and victims need to install the TOR browser to access the payment website. This is a payment method that has gained popularity among ransomware creators due to the anonymity that TOR affords.

The Strong Encryption Method Used by the Unlock26 Ransomware

The Unlock26 Ransomware represents a severe threat to computer users due to the strength of its encryption process; once the Unlock26 Ransomware encrypts the files, they become impossible to recover without the decryption key. The Unlock26 Ransomware is designed to infect computers running the Windows operating system. The Unlock26 Ransomware uses a combination of AES and RSA encryption to make the victim's files completely inaccessible. The Unlock26 Ransomware downloads the data it needs to carry out the attack from its Command and Control server, which will hold the decryption key, meaning that it may become impossible for the victim to recover the data. During its attack, the Unlock26 Ransomware will target numerous file types, including files contained in removable memory devices and shared directories. Analysis of samples of the Unlock26 Ransomware has revealed that it will target the following file types (apart from various others) in its attack:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DOCM, .DOC, .EPUB, .DOCX, .FLV, .GIF, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MOBI, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB.

How the Unlock26 Ransomware Carries out Its Attack

In its attack, the Unlock26 Ransomware will drop an HTML file named 'Readme-Q1u.html' on the victim's computer's Desktop, as well as in other directories where the Unlock26 Ransomware may have encrypted data. The Unlock26 Ransomware's ransom note displays a message alerting the victims of the attack and instructing them on how to access the Unlock26 Ransomware payment website to carry out the payment of the ransom. The Unlock26 Ransomware asks for an immense ransom of 6 BitCoin (approximately $7000 USD at the current exchange rate). This is an enormous amount when compared to other ransomware Trojans that tend to demand payments between 0.5 and 1.5 BitCoins. Regardless of the amount, PC security researchers strongly advise computer users against paying the Unlock26 Ransomware ransom, since it is likely that the con artist will get the money and ignore the victim. Even if the payment allows the victim to recover from the attack, paying the Unlock26 Ransomware ransom allows these people to continue financing their attacks and affecting innocent computer users.

Protecting Your Data from Threats Like the Unlock26 Ransomware

The best protection against threats like the Unlock26 Ransomware is to have file backups. If computer users have backups of their files on the cloud or an external memory device, then the Unlock26 Ransomware attack becomes completely ineffective. Rather than paying the Unlock26 Ransomware ransom, victims of the attack can simply restore the affected files from the backups after removing the Unlock26 Ransomware infection itself with the help of a reliable security product that is fully up-to-date.
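The following triage script is an added example, not code from this article or from any security product. Because the ransom note 'Readme-Q1u.html' is dropped in directories where data was encrypted, it walks a directory tree, finds every directory holding the note, and lists the files with targeted extensions there as candidates to restore from backup. The extension subset, the `PORTAL_MARKER` check (which assumes the note text contains the portal string) and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "readme-q1u.html"   # note name from this page, compared case-insensitively
PORTAL_MARKER = b"unlock26"     # assumption: the note text contains the portal string
# Subset of the targeted extensions listed on this page; extend as needed.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".sql", ".zip", ".txt"}

def find_affected_dirs(root):
    """Return {directory: report} for each directory under root that holds the note."""
    hits = {}
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        note = next((f for f in files if f.lower() == NOTE_NAME), None)
        if note is None:
            continue
        try:
            with open(os.path.join(dirpath, note), "rb") as fh:
                # Read at most 1 MiB; a benign file could share the note's name.
                mentions = PORTAL_MARKER in fh.read(1 << 20).lower()
        except OSError:
            mentions = False
        candidates = sorted(f for f in files if Path(f).suffix.lower() in TARGETED)
        hits[dirpath] = {"note_mentions_portal": mentions,
                         "restore_candidates": candidates}
    return hits

def build_sample_tree(base):
    """Constructed sample: one directory with a note, one without."""
    hit, clean = Path(base, "Desktop"), Path(base, "Music")
    hit.mkdir()
    clean.mkdir()
    (hit / "Readme-Q1u.html").write_text("<html>visit unlock26EXAMPLE (constructed)</html>")
    (hit / "budget.xlsx").write_bytes(b"\x00")   # targeted extension
    (hit / "notes.log").write_bytes(b"\x00")     # not in the targeted set
    (clean / "song.mp3").write_bytes(b"\x00")
    return str(hit)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, report in find_affected_dirs(tmp).items():
            print(directory, report)
```
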
