UltraCrypter Ransomware
Posted: May 31, 2016
Threat Metric
| Field | Value |
|---|---|
| Threat Level: | 10/10 |
| Infected PCs: | 7 |
| First Seen: | May 31, 2016 |
| Last Seen: | January 5, 2023 |
| OS(es) Affected: | Windows |
The UltraCrypter Ransomware is a Trojan that uses asymmetric encryption to encrypt your files, thereby blocking you from opening them. Additional content loaded in the UltraCrypter Ransomware's payload directs victims to its website, where they are asked to pay in Bitcoin in return for a decryption program. These ransom transactions may provide unreliable resolutions, and malware researchers continue to advise using anti-malware products to remove the UltraCrypter Ransomware without paying the fee.
An Ultra Brief Problem for Your Finances
Malware authors who depend on some degree of social engineering for their campaigns' success are often all too aware that a savvy PC user will find safe and cheap means of overcoming an infection. While con artists have deployed various ways of bullying their victims into taking the desired (and invariably self-destructive) actions, the most popular of these at present is the threat of timer-based ransom increases. Malware researchers recently verified the UltraCrypter Ransomware as a new threat that includes such time limits, all with the purpose of filling a Bitcoin wallet.
The UltraCrypter Ransomware's initial attacks include using an RSA-based algorithm (such as RSA-4096) to encrypt your content. Concurrent symptoms include:
- The UltraCrypter Ransomware renames each affected file by appending the '.cryp1' extension.
- The UltraCrypter Ransomware also generates ransom notes (each with the same message) as HTML, TXT, and BMP files that it places on your PC.
- Your desktop background is also reset to the BMP file previously mentioned.
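The symptoms listed above can be turned into a quick triage pass over a disk image or a mounted backup. The following Python sketch is an added example, not code from the original article or from any vendor tool: it counts '.cryp1' files per folder and flags HTML/TXT/BMP trios sitting next to them. The shared base name for the three note files and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

ENCRYPTED_EXT = ".cryp1"                 # extension named on this page
NOTE_EXTS = {".html", ".txt", ".bmp"}    # ransom-note formats named on this page


def triage(root):
    """Walk root; return (encrypted files per directory, candidate note stems)."""
    encrypted = defaultdict(list)
    notes = {}
    for dirpath, _dirs, files in os.walk(root):
        stems = defaultdict(set)
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()            # Windows file names are case-insensitive
            if ext == ENCRYPTED_EXT:
                encrypted[dirpath].append(name)
            elif ext in NOTE_EXTS:
                stems[stem.lower()].add(ext)
        # Assumption: the three note files in a folder share one base name.
        trios = sorted(s for s, exts in stems.items() if exts == NOTE_EXTS)
        # Report note candidates only beside encrypted files, to limit false positives.
        if trios and dirpath in encrypted:
            notes[dirpath] = trios
    return dict(encrypted), notes


def build_sample_tree(base):
    """Constructed sample data: one affected folder and one clean folder."""
    hit, clean = Path(base, "Documents"), Path(base, "Pictures")
    hit.mkdir()
    clean.mkdir()
    # "readme_note" is a hypothetical placeholder, not the Trojan's real note name.
    for name in ("report.docx.cryp1", "budget.xlsx.CRYP1",
                 "readme_note.html", "readme_note.txt", "readme_note.bmp"):
        (hit / name).write_bytes(b"constructed sample")
    for name in ("holiday.bmp", "holiday.txt"):
        (clean / name).write_bytes(b"constructed sample")
    return str(hit), str(clean)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, notes = triage(tmp)
        for d, names in enc.items():
            print(f"{d}: {len(names)} encrypted, notes: {notes.get(d, [])}")
```

Run `triage()` against a read-only mount where possible, so that the scan itself does not alter timestamps needed later for incident response.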
Following the UltraCrypter Ransomware's instructions will take the victim to a custom website for the Trojan's payment process, which displays a timer and warns that failing to pay quickly will cause an increase in the cost of decrypting your data. Like some other threats malware experts have seen in 2016, the UltraCrypter Ransomware's site also offers a 'sample' decryption routine for one file chosen by the victim, theoretically proving the validity of the decryptor application. However, the sample is limited to the comparatively restrictive size of 512 kilobytes.
Even the UltraCrypter Ransomware's lowest ransoms begin at over 500 USD in Bitcoin value, with the price doubling in a matter of days.
Taking Back a Digital Hostage without Submitting to Trojan Demands
The ransom process for the UltraCrypter Ransomware's campaign provides an exceptionally user-friendly experience, with 'proof' of a working decryptor, an easily navigable website, and straightforward instructions that require no personal contact with other human beings. This strategy of making it easy to pay its ransoms may provide the UltraCrypter Ransomware's authors with some degree of profit, and most likely is more successful than the e-mail address insertions of other Trojans. However, it does nothing to counteract the traditional methods of protecting your PC from threatening file encryptors.
Use backups to keep the UltraCrypter Ransomware from having access to the only copies of any valuable data. While malware experts would warn against placing too much reliance on local, Windows system backups, backups kept on external drives or servers should be safe against this Trojan's payload. Since the UltraCrypter Ransomware doesn't attack content required by the operating system, disinfecting your PC and restoring your content from a backup should reverse all the ill effects of the infection.
Some sources have reported that the UltraCrypter Ransomware uses drive-by-download threats, such as the Angler Exploit Kit, to install itself. These threats are capable of installing other threats besides the UltraCrypter Ransomware automatically and without symptoms. Always use anti-malware programs for deleting the UltraCrypter Ransomware and analyzing the rest of a compromised machine, regardless of your preference about saving your 'hostages.'