
UltraCrypter Ransomware

Posted: May 31, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: May 31, 2016
Last Seen: January 5, 2023
OS(es) Affected: Windows

The UltraCrypter Ransomware is a Trojan that uses asymmetric encryption to encode your files, thereby blocking you from opening them. Additional content loaded in the UltraCrypter Ransomware's payload contains recommendations for accessing its website, where victims are asked to pay in Bitcoin in return for a decryption program. These ransom transactions may provide unreliable resolutions, and malware researchers continue to advise using anti-malware products to remove the UltraCrypter Ransomware without paying the fee.

An Ultra Brief Problem for Your Finances

Malware authors who depend on some degree of social engineering for their campaigns' success are often all too aware that a savvy PC user will find safe and cheap means of overcoming an infection. While con artists have deployed various ways of bullying their victims into taking the desired (and invariably self-destructive) actions, the most popular of these at present is the threat of timer-based ransom increases. Malware researchers recently verified the UltraCrypter Ransomware as a new threat that includes such time limits, all with the purpose of filling a Bitcoin wallet.

The UltraCrypter Ransomware's initial attacks include using an RSA-based algorithm (such as RSA-4096) to encrypt your content. Concurrent symptoms include:

  • The UltraCrypter Ransomware will change the name of each affected file by appending the '.cryp1' extension.
  • The UltraCrypter Ransomware also generates ransom notes (each with the same message) through HTML, TXT, and BMP files that it places on your PC.
  • Your desktop background also is reset to the BMP file previously mentioned.

Following the UltraCrypter Ransomware's instructions will take the victim to a custom website for the Trojan's payment process, which displays a timer and warns that failing to pay quickly will cause an increase in the cost of decrypting your data. Like some other threats malware experts have seen in 2016, the UltraCrypter Ransomware's site also offers a 'sample' decryption routine for one file chosen by the victim, theoretically proving the validity of the decryptor application. However, the sample is limited to the comparatively restrictive size of 512 kilobytes.

Even the UltraCrypter Ransomware's lowest ransoms begin at over 500 USD in Bitcoin value, with the price doubling in a matter of days.

Taking Back a Digital Hostage without Submitting to Trojan Demands

The ransom process for the UltraCrypter Ransomware's campaign provides an exceptionally user-friendly experience, with 'proof' of a working decryptor, an easily navigable website, and straightforward instructions that require no personal contact with other human beings. This strategy of making it easy to pay its ransoms may provide the UltraCrypter Ransomware's authors with some degree of profit, and most likely is more successful than the e-mail address insertions of other Trojans. However, it does nothing to counteract the traditional methods of protecting your PC from threatening file encryptors.

Use backups to keep the UltraCrypter Ransomware from having access to the only copies of any valuable data. While malware experts would warn against placing too much reliance on local, Windows system backups, backups kept on external drives or servers should be safe against this Trojan's payload. Since the UltraCrypter Ransomware doesn't attack content required by the operating system, disinfecting your PC and restoring your content from a backup should reverse all the ill effects of the infection.
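The recovery step above can be scoped before any files are copied back. The following is an added example, not code from this page or from any security vendor: it walks a cleaned volume, maps each file carrying the '.cryp1' extension back to its original name, and checks whether a backup holds a clean copy. It assumes the backup mirrors the same relative folder layout; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".cryp1"  # extension the page says is appended to each affected file


def plan_restore(infected_root, backup_root):
    """Map every *.cryp1 file to its original name and check the backup for a copy.

    Returns (restorable, missing): sorted lists of relative original paths.
    Assumption: the backup uses the same relative layout as the infected tree.
    """
    infected_root, backup_root = Path(infected_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in files:
            # Case-insensitive match, since Windows file names are case-insensitive.
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            original = name[: -len(ENCRYPTED_SUFFIX)]
            if not original:
                continue  # a file named exactly ".cryp1" has no original name
            rel = (Path(dirpath) / original).relative_to(infected_root)
            bucket = restorable if (backup_root / rel).is_file() else missing
            bucket.append(rel.as_posix())
    return sorted(restorable), sorted(missing)


def demo():
    """Build a constructed sample tree in a temp directory and plan the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        infected, backup = Path(tmp, "infected"), Path(tmp, "backup")
        for rel in ("docs/report.docx.cryp1", "docs/notes.txt.CRYP1",
                    "pics/cat.jpg.cryp1", "docs/untouched.pdf"):
            p = infected / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample data")
        for rel in ("docs/report.docx", "pics/cat.jpg"):
            p = backup / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"clean copy")
        return plan_restore(infected, backup)


if __name__ == "__main__":
    restorable, missing = demo()
    print("restorable from backup:", restorable)
    print("no backup copy found:  ", missing)
```

Files in the second list have no clean copy in the backup and should be set aside rather than deleted.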

Some sources have reported that the UltraCrypter Ransomware uses drive-by-download threats, such as the Angler Exploit Kit, to install itself. These threats are capable of automatically installing other threats besides the UltraCrypter Ransomware without showing symptoms. Always use anti-malware programs for deleting the UltraCrypter Ransomware and analyzing the rest of a compromised machine, regardless of your preference about saving your 'hostages.'
