
Uridzu Ransomware

By GoldSparrow in Ransomware

The Uridzu Ransomware is an encryption ransomware Trojan that belongs to the Globe Imposter family of ransomware. The Uridzu Ransomware was first observed carrying out attacks in November 2017. Like most encryption ransomware Trojans, the Uridzu Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, then demands a ransom payment in exchange for the decryption key. The Uridzu Ransomware can be recognized because it marks the files it encrypts with the file extension '.crypted_uridzu@aaathats3as_com,' which it adds to each encrypted file's name.

The Uridzu Ransomware and Its Ransom Note

The Uridzu Ransomware attack is typical of this type of Trojan: it encrypts the victim's files with a strong encryption algorithm and then delivers a ransom note. The Uridzu Ransomware's ransom note takes the form of an HTML file dropped on the victim's computer. The file is named 'how_to_back_files.html'; it alerts the victim to the attack and then asks the victim to contact the cybercrooks via email. The full text of the Uridzu Ransomware's ransom note reads:

'Your documents, photos, databases and other important files have been encrypted cryptographically strong, without the original key recovery is impossible! To decrypt your files you need to buy the special software – 'URIDZU DECRYPTOR' Using another tools could corrupt your files, in case of using third party software we dont give guarantees that full recovery is possible so use it on your own risk.
If you want to restore files, write us to the e-mail: uridzu@aaathats3as.com In subject line write 'encryption' and attach your personal ID in body of your message also attach to email 3 crypted files. (files have to be less than 10 MB)
It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time.
Your personal ID
[redacted]'

The ransom that these infections demand ranges between 500 and 2000 USD, to be paid using Bitcoin. The purpose of these attacks is to threaten computer users, forcing them to pay the ransom under the threat of losing their files permanently. The Uridzu Ransomware will target user-generated files in its attack, which may include images, videos, music, and numerous others while avoiding the Windows system files.
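The two file-system indicators named above, the '.crypted_uridzu@aaathats3as_com' extension and the 'how_to_back_files.html' note, are enough to triage a host listing. The following script is an added example, not code from the original write-up; it classifies paths by those markers and maps each encrypted file back to its pre-infection name so the right backup copies can be located (it does not decrypt anything). The sample paths are constructed.

```python
import ntpath
from collections import Counter

# Indicators from the Uridzu write-up: the extension appended to encrypted
# files and the name of the dropped ransom note.
URIDZU_EXTENSION = ".crypted_uridzu@aaathats3as_com"
URIDZU_NOTE_NAME = "how_to_back_files.html"


def classify_path(path):
    """Return 'encrypted', 'note' or None for a single file path."""
    name = ntpath.basename(path).lower()  # ntpath handles Windows paths on any OS
    if name == URIDZU_NOTE_NAME:
        return "note"
    if name.endswith(URIDZU_EXTENSION):
        return "encrypted"
    return None


def original_name(path):
    """Strip the Uridzu marker to recover the pre-infection file name.
    This only renames on paper; the content stays encrypted."""
    if classify_path(path) != "encrypted":
        return path
    return path[: -len(URIDZU_EXTENSION)]


def triage(paths):
    """Summarise a path listing (e.g. from os.walk on the victim host) into
    ransom-note locations, encrypted files mapped to their original names,
    and a per-directory count of affected files."""
    report = {"notes": [], "encrypted": {}, "dirs": Counter()}
    for p in paths:
        kind = classify_path(p)
        if kind == "note":
            report["notes"].append(p)
        elif kind == "encrypted":
            report["encrypted"][p] = original_name(p)
            report["dirs"][ntpath.dirname(p)] += 1
    return report


# Constructed sample listing standing in for a file-system walk of a victim host.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.crypted_uridzu@aaathats3as_com",
    r"C:\Users\alice\Documents\how_to_back_files.html",
    r"C:\Users\alice\Pictures\trip.jpg.crypted_uridzu@aaathats3as_com",
    r"C:\Users\alice\Pictures\how_to_back_files.html",
    r"C:\Windows\System32\kernel32.dll",  # system files are left alone
]

if __name__ == "__main__":
    r = triage(SAMPLE_PATHS)
    print(f"{len(r['encrypted'])} encrypted files, {len(r['notes'])} ransom notes")
```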

Protecting Your Data from Threats Like the Uridzu Ransomware

Ransomware Trojans like the Uridzu Ransomware commonly spread through spam email attachments. Victims receive unsolicited email messages with Microsoft Word files attached; these files contain embedded macro scripts that download and install the Uridzu Ransomware on the victim's computer. In the Uridzu Ransomware's case, however, the main distribution channel appears to be unprotected Remote Desktop Protocol connections: the cybercrooks take advantage of unsecured computers and poor protection to install the Uridzu Ransomware onto the victim's computer.

Paying the Uridzu Ransomware ransom or contacting the criminals is not recommended at all. Rather than paying, computer users should ignore the instructions in the Uridzu Ransomware ransom note and restore their files from a backup copy. Keeping file backups in secure locations is the best way to ensure that your files are protected from threats like the Uridzu Ransomware, which hinge on taking the victim's files hostage. A fully up-to-date security program can then be used to remove the Uridzu Ransomware infection itself. However, security software is not capable of restoring the files affected by the Uridzu Ransomware. Unfortunately, threats like the Uridzu Ransomware use strong encryption methods, typically a combination of AES and RSA encryption, to make the victim's files inaccessible, so a backup is the surest way to bring them back.
