
UpdateDecrypter Ransomware

Posted: November 10, 2020

The UpdateDecrypter Ransomware is a file-locking Trojan that is a possible variant of Hidden Tear. The UpdateDecrypter Ransomware uses screen-wide pop-ups to distract users while it blocks their files with encryption. Users can recover with preexisting backups or a free decryption solution from the Web, and should rely on trusted security services to remove the UpdateDecrypter Ransomware.

A Software Update that Goes Sideways Fast

Fake software updates, or legitimate ones compromised through indirect means such as a supply-chain breach, are among the favorite methods of distributing Trojans throughout the Internet. The technique remains in favor with file-locking Trojans, such as the recent UpdateDecrypter Ransomware. Malware experts suspect that its campaign targets South Koreans, but its features put most Windows users at risk of its extortion.

The UpdateDecrypter Ransomware's installer is an unsigned Windows EXE whose name and version information imply an 'update' for an unspecified program. It is also significantly larger than most file-locking Trojans, weighing in at over eight megabytes, a sign of its possible heritage in the Hidden Tear project. Initially, the Trojan uses a screen-locking pop-up to hide its activities and prevent any user interference.
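The two installer traits named above, a missing code signature and an unusually large size, are both visible in the PE file header before anything is executed. The following is an added example, not code from the original article or from any analysis of the actual sample: it reads the Attribute Certificate Table entry of the PE data directory (an empty entry means the file carries no Authenticode signature at all) and applies a size threshold. The 8 MiB threshold, the `triage` and `security_directory` names and the constructed header-only PE images used as input are all assumptions made for the example; a non-empty certificate table only says that a signature is present, so its validity still has to be verified with the platform's own tools.

```python
"""Pre-flight triage for a downloaded 'update' installer (added example).

Flags two things the article describes for the UpdateDecrypter sample:
  - no Authenticode signature (empty IMAGE_DIRECTORY_ENTRY_SECURITY entry)
  - an installer far larger than usual (threshold is an assumption)
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # index of the certificate table entry
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SIZE_THRESHOLD = 8 * 1024 * 1024        # assumption based on "over eight megabytes"


def security_directory(pe_bytes):
    """Return (file_offset, size) of the Attribute Certificate Table.

    None means the data is not a parseable PE image. A size of 0 means the
    executable has no embedded Authenticode signature.
    """
    if len(pe_bytes) < 0x40 or pe_bytes[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt_hdr = e_lfanew + 4 + 20               # skip PE signature and COFF header
    if opt_hdr + 2 > len(pe_bytes):
        return None
    magic = struct.unpack_from("<H", pe_bytes, opt_hdr)[0]
    if magic == PE32_MAGIC:
        dd_base = opt_hdr + 96                # data directories follow the Windows fields
    elif magic == PE32PLUS_MAGIC:
        dd_base = opt_hdr + 112
    else:
        return None
    if dd_base > len(pe_bytes):
        return None
    num_dirs = struct.unpack_from("<I", pe_bytes, dd_base - 4)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)                         # table not even declared: unsigned
    entry = dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > len(pe_bytes):
        return None
    return struct.unpack_from("<II", pe_bytes, entry)


def triage(pe_bytes):
    """Return a list of findings for the installer bytes (empty = nothing flagged)."""
    findings = []
    sec = security_directory(pe_bytes)
    if sec is None:
        return ["not a PE executable"]
    if sec[1] == 0:
        findings.append("unsigned: no Authenticode certificate table")
    if len(pe_bytes) > SIZE_THRESHOLD:
        findings.append("oversized for an installer (> 8 MiB)")
    return findings


def build_minimal_pe(signed, pe32plus=False, pad_to=0):
    """Construct a header-only PE image for testing (constructed input, not a real binary)."""
    win_fields = 112 if pe32plus else 96
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       win_fields + 16 * 8, 0x22)
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    opt = bytearray(struct.pack("<H", magic) + b"\0" * (win_fields - 2))
    struct.pack_into("<I", opt, win_fields - 4, 16)   # NumberOfRvaAndSizes = 16
    dirs = bytearray(16 * 8)
    if signed:  # fake certificate-table entry; a real check would verify the signature
        struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x200)
    image = dos + b"PE\0\0" + coff + bytes(opt) + bytes(dirs)
    if pad_to > len(image):
        image += b"\0" * (pad_to - len(image))
    return image


if __name__ == "__main__":
    for label, sample in [("unsigned", build_minimal_pe(False)),
                          ("signed", build_minimal_pe(True, pe32plus=True))]:
        print(label, triage(sample))
```

On a real download, `triage(open(path, "rb").read())` gives a first yes/no before the file is ever opened by an installer; the absence of a certificate table is decisive, while a present signature still needs validation by the operating system.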

At that point, the UpdateDecrypter Ransomware starts encrypting media files in an attack much like those of other Trojans that block documents, pictures, and other ransom-worthy data. The Trojan also adds a generic 'crypt' extension to each file and reboots the system when it finishes. After restarting, Windows displays a reset desktop image which, in the samples available to malware experts, contains Korean ransom instructions and warnings.
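The uniform 'crypt' extension is the most practical detection hook in that sequence: a single process producing many such files within seconds is the encryption loop in progress, well before the reboot and wallpaper change. The following is an added example, not code from the original article: a sliding-window detector that runs over constructed file-creation log lines (the `<ISO time> <pid> <action> <path>` line format, the 60-second window and the threshold of five files are all assumptions for the example) and raises one alert per offending process.

```python
"""Burst detection for '.crypt' file creation (added example, constructed input)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed format; not taken from a real infection.
SAMPLE_LOG = r"""
2020-11-10T09:00:00 880 create C:\Users\kim\Downloads\update_v2.exe
2020-11-10T09:00:05 4120 create C:\Users\kim\Documents\report.docx.crypt
2020-11-10T09:00:06 4120 create C:\Users\kim\Documents\budget.xlsx.crypt
2020-11-10T09:00:07 4120 create C:\Users\kim\Pictures\holiday.jpg.crypt
2020-11-10T09:00:09 4120 create C:\Users\kim\Pictures\family.png.crypt
2020-11-10T09:00:12 4120 create C:\Users\kim\Music\track01.mp3.crypt
2020-11-10T09:00:15 4120 create C:\Users\kim\Videos\clip.mp4.crypt
2020-11-10T09:01:00 880 create C:\Users\kim\Desktop\notes.txt
2020-11-10T09:05:00 880 create C:\Users\kim\Desktop\archive.crypt
2020-11-10T09:20:00 880 create C:\Users\kim\Desktop\other.crypt
"""

LINE_RE = re.compile(r"^(\S+) (\d+) (\w+) (.+)$")
LOCKED_SUFFIX = ".crypt"            # extension the article reports
WINDOW = timedelta(seconds=60)      # assumed tuning value
THRESHOLD = 5                       # assumed tuning value


def parse_events(log_text):
    """Yield (timestamp, pid, action, path) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, pid, action, path = m.groups()
        yield datetime.fromisoformat(ts), int(pid), action, path


def detect_crypt_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert dict per process that creates >= threshold '.crypt'
    files within any window-long interval. Benign, sparse '.crypt' writes do
    not trip the detector because old timestamps fall out of the window."""
    recent = defaultdict(deque)     # pid -> timestamps of recent .crypt creations
    alerted = set()
    alerts = []
    for ts, pid, action, path in parse_events(log_text):
        if action != "create" or not path.lower().endswith(LOCKED_SUFFIX):
            continue
        q = recent[pid]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and pid not in alerted:
            alerted.add(pid)
            alerts.append({"pid": pid, "first_seen": q[0], "count": len(q)})
    return alerts


if __name__ == "__main__":
    for alert in detect_crypt_bursts(SAMPLE_LOG):
        print("ALERT: pid %(pid)d created %(count)d .crypt files since %(first_seen)s" % alert)
```

In the constructed log only process 4120 trips the threshold, at its fifth file; process 880 writes two '.crypt' files fifteen minutes apart and stays quiet. The alert fires while the process is still running, which is the moment a responder can suspend it and preserve whatever has not yet been encrypted.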

Unlocking Files at a Better than Criminal Price

New versions of Hidden Tear are rarer than in previous years, although the family is far from small, with variations like the Fappy Ransomware, the MilkmanVictory Ransomware, the ABANTES Ransomware or the Qinynore Ransomware. Since its code is available for free, threat actors may tailor their Trojan to their liking and use unpredictable ransoming methods or distribution exploits. Malware experts cannot confirm any current infection vectors for the UpdateDecrypter Ransomware despite the installer's suggestive name.

Windows users at risk should be especially wary of software updates for Flash or other widely-used products that come from unknown sources such as third-party websites or torrents. Malware researchers also recommend general-purpose protections, like using strong passwords and turning off document macros, which shut down brute-force attacks and drive-by downloads. Still, even a perfectly-secured PC should have backups on other devices for emergency data recovery.

A free decryption solution is available for the UpdateDecrypter Ransomware, which uses a static unlocking code (appropriately, 'password'). Most file-locking Trojans are better protected than that, and users should defend their files with that knowledge in mind. Anti-malware products from nearly every vendor will delete the UpdateDecrypter Ransomware as of current sample statistics.

The UpdateDecrypter Ransomware has enough distinctive details in its attacks to be more than a simple copy of an open-source project. Koreans might have the most reason to fear it. Still, any Windows user who considers their files immune might find themselves sharply corrected by the lesson of a Trojan's encryption routine.
