Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 11
First Seen: October 3, 2012
Last Seen: March 16, 2023
OS(es) Affected: Windows

Urausy is a family of police ransomware Trojans whose attack differs little from that of other lock-screen malware. What sets it apart is its characteristic layout, which often includes the flag of the country the infected computer is located in. ESG malware researchers advise ignoring Urausy's claims: paying the ransom will not restore control of a computer infected with a Urausy Trojan. Instead, ESG security researchers strongly advise removing the Trojan with reliable anti-malware software, using Windows' own components to get around its lock screen.

Urausy Trojans Detect Your Computer's Location and Display Different Messages

Urausy's installation process begins by detecting the infected computer's location, derived from the machine's public IP address and the country code reported for that connection. Urausy relays this information to a remote server and downloads the ransomware variant that matches that country. The variants customize their appearance by changing the name of the police agency that supposedly sent the message, displaying the flag and national colors of the targeted country, and writing the text in the targeted country's language. ESG security analysts have observed Urausy variants for numerous European countries, including Norway, the United Kingdom and Poland.

One of the main difficulties in removing Urausy and similar threats is reaching your anti-malware software at all, because lock-screen ransomware blocks access to the infected computer, including its files and security programs. This is compounded in newer ransomware families, which often include components that also block Safe Mode. You can usually still reach your security programs through Safe Mode with Command Prompt, launching the Registry Editor (regedit.exe) or Windows Explorer (explorer.exe) from the prompt. It is also possible to bypass the Urausy message by booting the machine from an external medium, such as a removable drive or a network share, instead of from the infected Windows installation. Once you regain access, removing Urausy is a matter of scanning the computer with a reliable anti-malware application, or opening the Registry Editor and removing every malicious entry associated with Urausy. Verify each entry before deleting it: the same autostart locations also hold legitimate software.
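The manual removal route above (Safe Mode with Command Prompt, then the Registry Editor) is easier if you first get a list of what actually starts with Windows. The script below is an added example, not code from the original page or from ESG: it enumerates the autostart locations that lock-screen ransomware commonly abuses (the Run/RunOnce keys and the Winlogon Shell and Userinit values) and marks entries that point into user-writable directories or that have replaced the expected shell. The key list, the "suspicious directory" heuristic and the script name are the editor's assumptions, not Urausy-specific indicators taken from the page; legitimate software will also be flagged, so treat the output as a review list, not a delete list.

```powershell
# Get-AutorunTriage.ps1 (added example; name and heuristics are assumptions)
# Run from Safe Mode with Command Prompt:
#   powershell -ExecutionPolicy Bypass -File .\Get-AutorunTriage.ps1

# Autostart keys most often abused by lock-screen ransomware (assumed list).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Winlogon keys: Shell must be explorer.exe, Userinit must be userinit.exe.
# The HKCU copy normally has no Shell/Userinit value at all.
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Directories a legitimate autostart entry rarely lives in (heuristic, assumed).
$suspiciousDirs = @(
    [Environment]::GetFolderPath('ApplicationData'),
    [Environment]::GetFolderPath('LocalApplicationData'),
    $env:TEMP,
    $env:PUBLIC
) | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() }

function Test-SuspiciousPath {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    $c = [Environment]::ExpandEnvironmentVariables($Command).ToLowerInvariant()
    foreach ($d in $suspiciousDirs) {
        if ($c.Contains($d)) { return $true }
    }
    return $false
}

$findings = @()

# Every value under the Run/RunOnce keys is an autostart command.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not registry values
        $findings += [pscustomobject]@{
            Location   = $key
            Name       = $p.Name
            Value      = [string]$p.Value
            Suspicious = Test-SuspiciousPath ([string]$p.Value)
        }
    }
}

# Shell/Userinit hijacks are the classic way a lock screen replaces the desktop.
foreach ($key in $winlogonKeys) {
    if (-not (Test-Path $key)) { continue }
    $wl = Get-ItemProperty -Path $key
    foreach ($name in 'Shell', 'Userinit') {
        $v = [string]$wl.$name
        if ([string]::IsNullOrWhiteSpace($v)) { continue }   # absent is normal for HKCU
        $expected = if ($name -eq 'Shell') { 'explorer.exe' } else { 'userinit.exe' }
        # Accept "explorer.exe" or "C:\Windows\system32\userinit.exe," (trailing comma is stock).
        $ok = $v -match "^(.*\\)?$([regex]::Escape($expected)),?$"
        $findings += [pscustomobject]@{
            Location   = $key
            Name       = $name
            Value      = $v
            Suspicious = (-not $ok) -or (Test-SuspiciousPath $v)
        }
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize

Write-Host ""
Write-Host "Review entries marked Suspicious = True before deleting anything."
Write-Host "To remove a confirmed-malicious Run value (example, not a Urausy indicator):"
Write-Host "  Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name '<value name>'"
```

If Safe Mode itself is blocked, the same keys can be inspected from a rescue boot medium by loading the offline SOFTWARE and NTUSER.DAT hives in regedit.exe (File, Load Hive) and reading the paths above by hand; restoring a hijacked Shell value to explorer.exe is usually enough to get the desktop back so an anti-malware scan can run.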

File System Details

Urausy Ransomware may create the following file(s):

#   File Name      Detections
1.  HD_video.exe