
WinUpdatesDisabler Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 2,436
Threat Level: 80 % (High)
Infected Computers: 6,100
First Seen: June 16, 2017
Last Seen: September 20, 2023
OS(es) Affected: Windows

The WinUpdatesDisabler Ransomware is a ransomware Trojan that is used to extort computer users. Malware analysts first observed the WinUpdatesDisabler Ransomware on an online anti-malware engine. Con artists developing ransomware Trojans like the WinUpdatesDisabler Ransomware will submit their ransomware variants under development to these platforms frequently as a way to test whether they can pass detection techniques used by anti-malware programs. This allows PC security analysts to track which new ransomware Trojans are being developed and continue to stay ahead of the con artists in a constant arms race. The WinUpdatesDisabler Ransomware receives its name because of elements in its ransom note and because it may run as an executable file named 'WinUpdatesDisabler.exe' on the victim's computer.

Instead of Updates, the WinUpdatesDisabler Ransomware Disables Your Files

The WinUpdatesDisabler Ransomware carries out an encryption ransomware attack, which is fully functional. Like other ransomware Trojans, the main purpose of the WinUpdatesDisabler Ransomware is to encrypt the victims' files using a strong encryption method. After the WinUpdatesDisabler Ransomware has encrypted the victim's files, these files may become impossible to recover. It is clear that the WinUpdatesDisabler Ransomware is still under development, despite the fact that it does now carry out an effective ransom attack.

How the Extortionists may Profit from a WinUpdatesDisabler Ransomware Attack

After the WinUpdatesDisabler Ransomware scans the victim's computer, targeting all local drives, external memory devices connected to the victim's computer, and shared network directories, the WinUpdatesDisabler Ransomware asks the victim to pay a ransom through a ransom note that will be displayed on the victim's computer. The WinUpdatesDisabler Ransomware uses a ransom note written in Serbian-Croatian, which implies that computer users in Serbia are the WinUpdatesDisabler Ransomware's intended targets. The WinUpdatesDisabler Ransomware's ransom note takes the form of a TXT file, which contains the following message:

'Ej sestriće, moraš da gi platiš.
Ako gi ne platiš, zaključani fajlovi nema da gi vratiš.'

The following is a simple translation of the above message:

'Hey, sister, have to pay.
If do not pay, locked files will not back.'

The WinUpdatesDisabler Ransomware is one of the many HiddenTear variants. HiddenTear is an open source ransomware platform that was released for free in August of 2015, placing a powerful encryption technology into the hands of anyone who wanted to carry out these attacks. HiddenTear, released for 'proof of concept' and 'educational' purposes, has been responsible for the release of countless ransomware variants, of which the WinUpdatesDisabler Ransomware is only one. The files encrypted by the WinUpdatesDisabler Ransomware attack are simple to recognize because the WinUpdatesDisabler Ransomware will add the file extension '.zbt' to each affected file. The WinUpdatesDisabler Ransomware carries out an effective ransomware attack, and it is necessary to take steps to protect your computer against these threats.

Protecting Your Computer from the WinUpdatesDisabler Ransomware

Unfortunately, if the WinUpdatesDisabler Ransomware has modified your files, they will no longer be recoverable. These threats use strong encryption methods, and the encrypted files cannot be restored without the decryption key. While this encryption technology is what is used to keep computer users' data safe online, it can be applied for evil purposes, as is the case with the WinUpdatesDisabler Ransomware and other encryption ransomware Trojans.

The best protection against the WinUpdatesDisabler Ransomware and similar threats is to have file backups. If you have backups of your files on an external memory device or stored in the cloud, then the people responsible for the WinUpdatesDisabler Ransomware attack will no longer have any leverage allowing them to demand a ransom payment from you. Apart from file backups, you should have a security program and learn how to browse the Web and handle email messages safely to prevent the WinUpdatesDisabler Ransomware from being installed on your computer in the first place. Remove the WinUpdatesDisabler Ransomware with a reliable security program and replace your files from a backup.
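
The following is an added example, not code from this page or from any security product: a small triage script that uses the two indicators named above (the '.zbt' extension and the 'WinUpdatesDisabler.exe' file name) to list which encrypted files have a clean copy in a backup. It assumes the extension is appended to the full original file name and that the backup folder mirrors the layout of the affected folder; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".zbt"  # extension the page reports
EXE_NAME = "winupdatesdisabler.exe"  # file name the page reports, lower-cased


def triage(affected_root, backup_root):
    """Classify files under affected_root using the page's two indicators.

    Assumptions: '.zbt' is appended to the full original name
    (report.docx -> report.docx.zbt); backup_root mirrors affected_root.
    """
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    result = {"restorable": [], "no_backup": [], "executables": []}
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()  # Windows names are case-insensitive
            if lower == EXE_NAME:
                result["executables"].append(path)
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = path.with_name(name[: -len(ENCRYPTED_EXT)])
                candidate = backup_root / original.relative_to(affected_root)
                if candidate.is_file():
                    result["restorable"].append((path, candidate))
                else:
                    result["no_backup"].append(path)
    for items in result.values():
        items.sort()
    return result


def build_sample():
    """Create a constructed sample tree (not real victim data) in a temp dir."""
    base = Path(tempfile.mkdtemp())
    affected, backup = base / "affected", base / "backup"
    for rel in ("docs/report.docx.zbt", "docs/notes.txt.zbt", "pics/cat.jpg",
                "Temp/WinUpdatesDisabler.exe"):
        (affected / rel).parent.mkdir(parents=True, exist_ok=True)
        (affected / rel).write_bytes(b"constructed sample")
    (backup / "docs").mkdir(parents=True)
    (backup / "docs" / "report.docx").write_bytes(b"clean copy")
    return affected, backup


if __name__ == "__main__":
    for key, items in triage(*build_sample()).items():
        print(key, len(items))
```

The script only reads and lists files; restoring should happen after the threat has been removed, from the backup copies listed under "restorable".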

