
UnblockUPC Ransomware

Posted: September 26, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 4
First Seen: September 26, 2016
OS(es) Affected: Windows

The UnblockUPC Ransomware is a Trojan that encrypts your files with the AES-128 encryption method and then creates a text message redirecting you to ransom-processing websites. PC users can protect their data by keeping backups that are not accessible to the UnblockUPC Ransomware, which also attacks peripheral devices and network-accessible drives. Use a professional anti-malware product to quarantine or delete the UnblockUPC Ransomware, or, preferably, interrupt its installation.

A Trojan Starting in Poland to Ransom Everyone Else

It's a common practice for Trojan campaigns to discriminate in their targets, based on conditions like the system's default language, the preferred Web-surfing habits of the victims, and even IP addresses. Most of these filtering options equate to isolating users of specific services or employees of distinct business entities, although threats like the UnblockUPC Ransomware use broader screening methods. The UnblockUPC Ransomware targets Polish-speaking PC users, but also includes other machines in the scope of its payload, potentially compromising additional, tangentially-related targets.

The installation methods of the UnblockUPC Ransomware are currently unconfirmed, although early indicators point towards it being distributed as part of bundles with third-party software targeting Polish speakers. Once executed, its payload uses an AES-128 encryption algorithm to encrypt the contents of your PC, including formats such as DOC, PDF, TXT and JPG. Malware experts also verified instances of the UnblockUPC Ransomware encrypting content on network-accessible systems and peripheral devices, meaning that even PCs sharing a Polish VPN, or other means of contact with the compromised machine, could also be targets.

While malware experts noted that the UnblockUPC Ransomware shows few signs of being a professionally-programmed product produced by a dedicated team, it does lock victims out of their content, including erasing local backups that could restore it. The Trojan also creates extortion messages in Notepad documents that direct victims to any of various domains dedicated to processing the campaign's ransom payments. No guarantees of decryption after payment, or free decryption solutions, are available.

Forcing Europe's New Trojan to a Dead Stop

Unlike some threats, such as advanced banking Trojans that specialize in targeting regional financial services, the UnblockUPC Ransomware doesn't filter for systems based on their geographical region (which one can estimate via the IP address). A majority of Polish victims of the UnblockUPC Ransomware campaign live in areas other than Poland, such as the United Kingdom. As noted earlier, sharing networks with a compromised PC also can lead to the encryption of data by this threat.

Malware experts are unable to link the UnblockUPC Ransomware to any predetermined family of Trojans with a freely-available decryptor. Non-local backups kept on a protected server or drive that's isolated from your main computer can offer an unassailable means of recovering information from the UnblockUPC Ransomware and most file-encrypting Trojans. Paying any ransom to threat actors such as the UnblockUPC Ransomware's administrators should never be undertaken without the understanding that the payment may not be acknowledged and that any decryption tool on offer may not function as claimed.

You may need to update your anti-malware software to be protected from the UnblockUPC Ransomware, which was identified as of late September. As the security sector continues working towards offering other solutions against this threat, Web surfers should remember to be careful about their downloads, lest they end up getting more software than they wanted.
