
BUYUNLOCKCODE

Posted: January 2, 2015

BUYUNLOCKCODE is a file encryptor Trojan that changes files on your machine to make them unreadable as a prelude to offering a ransom price for their restoration. As an extension of its ransom attacks, BUYUNLOCKCODE also may modify file names, lock your desktop to an unusual image or generate additional files on your computer. As the cheapest and safest means of countering its payload, malware researchers recommend using well-organized file backups to restore any lost data and standard anti-malware products for removing BUYUNLOCKCODE.

The Code You Shouldn't Be Buying

BUYUNLOCKCODE is one of the newer file-encrypting Trojans of 2014 to use actual encryption attacks as a primary means of extorting money from seemingly random victims. Unlike similar threats that focus on automated payment methods, BUYUNLOCKCODE requests that all victims contact one of several e-mail addresses to receive further instructions on how to reverse its attacks. As usual, malware researchers find no compelling reason to pay BUYUNLOCKCODE's demanded ransom fee, as opposed to deleting BUYUNLOCKCODE and taking other steps to preserve your PC's files.

BUYUNLOCKCODE uses an RSA-1024 algorithm to encrypt common file types on your PC, such as MP3 or DOC. The encrypted files are made unreadable and can be told apart from unaffected ones by the '.encoded.yourid' string appended to the end of each file name. Although BUYUNLOCKCODE's encryption attack isn't a mere bluff, malware experts can confirm that BUYUNLOCKCODE doesn't take steps to remove all standard formats of default Windows file backups. Restoring these backups can allow you to regain the unencrypted versions of your files.

Storing file backups in remote locations, such as cloud servers or USB devices, can also provide an efficient way of protecting your data from BUYUNLOCKCODE's attacks.

The Key to Unshackling Your Files from a BUYUNLOCKCODE Ransom

Due to the inclusion of other symptoms of high visibility, even PC users who don't pay attention to the names of their files should be able to identify BUYUNLOCKCODE's attacks immediately. BUYUNLOCKCODE places additional TXT file instructions for paying its ransom on all hard drives affected by its encryption attack. BUYUNLOCKCODE also includes a function for replacing the victim's desktop background with another image, typically one duplicating the instructions provided in its text files.

Malware researchers haven't found any traces of a worm, virus or other self-propagation function that would let BUYUNLOCKCODE install and reproduce itself. For now, secondary threats, such as Trojan downloaders and exploit kits, are estimated to be major players in BUYUNLOCKCODE's distribution. Just as you can use anti-malware and standard data security features to protect your hard drive from BUYUNLOCKCODE's payload, you can also block the installation of common threats like BUYUNLOCKCODE with good browser security software and practices.

In no situation do malware researchers advise paying the ransom demanded by BUYUNLOCKCODE, regardless of the amount of the fee or the nature of the encrypted data. When in doubt, keeping backups of all important data is an elegant, preemptive solution to almost any ransomware campaign.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: BUYUNLOCKCODE.txt
Mime Type: unknown/txt
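
A read-only triage check built from the indicators described on this page, added here as an example and not taken from the original article or from any anti-malware product: it walks a directory tree, flags the BUYUNLOCKCODE.txt ransom note and files carrying the '.encoded.yourid' suffix, and lists the original file names that need restoring from backup. Treating 'yourid' as a variable per-victim token, the function names and the sample tree are assumptions.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators from the article: the ransom note name and the '.encoded.yourid'
# suffix. Assumption: 'yourid' is a per-victim token, so any token is accepted.
NOTE_NAME = "buyunlockcode.txt"
ENCODED_RE = re.compile(r"^(.+\.[^.]+)\.encoded\.([^.]+)$", re.IGNORECASE)

def classify(filename):
    """Return ('note',), ('encoded', original_name, token) or None."""
    if filename.lower() == NOTE_NAME:
        return ("note",)
    m = ENCODED_RE.match(filename)
    return ("encoded", m.group(1), m.group(2)) if m else None

def triage(root):
    """Per directory: note seen, encoded count, originals needing restore."""
    report = defaultdict(lambda: {"note": False, "encoded": 0, "restore": []})
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in sorted(files):
            hit = classify(name)
            if hit is None:
                continue
            entry = report[os.path.relpath(dirpath, root)]
            if hit[0] == "note":
                entry["note"] = True
                continue
            entry["encoded"] += 1
            if hit[1].lower() not in present:  # no file with the original name
                entry["restore"].append(hit[1])
    return dict(report)

def build_sample_tree():
    """Create a constructed tree of empty files for the demonstration."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    layout = ["BUYUNLOCKCODE.txt", "docs/report.doc.encoded.yourid",
              "docs/BUYUNLOCKCODE.txt", "music/song.mp3.encoded.yourid",
              "music/song.mp3", "video/clip.encoded.mp4", "clean/readme.txt"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    print(sorted(triage(build_sample_tree()).items()))
```

Name matches are candidates only: a file with the original name sitting beside an encoded copy still needs its contents verified before it is trusted.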