UpdateDecrypter Ransomware

Posted: November 10, 2020

UpdateDecrypter Ransomware Description

The UpdateDecrypter Ransomware is a file-locking Trojan that's a possible variant of Hidden Tear. The UpdateDecrypter Ransomware uses screen-wide pop-ups for distracting users while it blocks their files with encryption. Users can recover with preexisting backups or a free solution from the Web while deploying trusted security services for removing the UpdateDecrypter Ransomware.

A Software Update that Goes Sideways Fast

Fake software updates, or legitimate ones compromised through indirect means like a supply-chain breach, are among the favorite methods of distributing Trojans throughout the Internet. The technique remains in favor with file-locking Trojans, such as the recent UpdateDecrypter Ransomware. Malware experts suspect that its campaign targets South Koreans, but its features put most Windows users at risk of its extortion.

The UpdateDecrypter Ransomware's installer is an unsigned Windows EXE whose name and version information imply an 'update' for an unspecified program. It is also significantly larger than most file-locker Trojans, weighing in at over eight megabytes, a sign of its possible heritage in the Hidden Tear project. Initially, the Trojan uses a screen-locking pop-up for hiding its activities and preventing any user interference.
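
The three installer traits described above (no signature, an 'update' name, a size over eight megabytes) can be checked together when triaging a suspicious download. The Python sketch below is an added example, not code from the original article or from any vendor tool; the function names, the labels and the constructed sample header are assumptions, it looks only at the file name (not the version resource), and each trait on its own is common among benign files.

```python
import struct

SIZE_THRESHOLD = 8 * 1024 * 1024  # page: installer is "over eight megabytes"
NAME_HINT = "update"              # page: file name implies an 'update'
SECURITY_DIR = 4                  # index of the PE certificate table entry

def has_embedded_signature(data: bytes):
    """True/False for a PE image; None if data is not a parseable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # optional header follows signature + COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < opt + 2:
        return None
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return None
    dirs = opt + (96 if magic == 0x10B else 112)
    entry = dirs + 8 * SECURITY_DIR
    if len(data) < entry + 8:
        return None  # truncated header
    (count,) = struct.unpack_from("<I", data, dirs - 4)
    if count <= SECURITY_DIR:
        return False
    offset, size = struct.unpack_from("<II", data, entry)
    # Presence only; the signature itself is not validated here.
    return offset != 0 and size != 0

def triage(name: str, data: bytes) -> list:
    """List which of the three installer traits from the page a file shows."""
    signed = has_embedded_signature(data)
    if signed is None:
        return []
    checks = [("no-embedded-signature", not signed),
              ("over-8MB", len(data) > SIZE_THRESHOLD),
              ("update-in-name", NAME_HINT in name.lower())]
    return [label for label, hit in checks if hit]

def make_sample_pe(signed: bool, pad_to: int = 0) -> bytes:
    """Constructed input: a minimal PE32+ header, not a real program."""
    buf = bytearray(0x200)
    buf[:2], buf[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x20B)
    struct.pack_into("<I", buf, opt + 108, 16)  # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", buf, opt + 112 + 8 * SECURITY_DIR, 0x180, 0x40)
    return bytes(buf) + b"\0" * max(0, pad_to - len(buf))
```

A missing certificate table only means there is no embedded Authenticode signature; catalog-signed Windows files also lack one, so a file matching all three traits is a candidate for closer inspection rather than a verdict.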

At that point, the UpdateDecrypter Ransomware starts encrypting media files in an attack very similar to that of other Trojans with features for blocking documents, pictures, and other ransom-worthy data. The Trojan also adds a generic 'crypt' extension and reboots when it finishes. After restarting, Windows displays a changed desktop image that, in the samples that malware experts have available, contains Korean ransom instructions and warnings.

Unlocking Files at a Better than Criminal Price

New versions of Hidden Tear are rarer than in previous years, although the family is far from small, with variations like the Fappy Ransomware, the MilkmanVictory Ransomware, the ABANTES Ransomware or the Qinynore Ransomware. Since its code is available for free, threat actors may tailor their Trojan to their liking and use unpredictable ransoming methods or distribution exploits. Malware experts cannot confirm any current infection vectors for the UpdateDecrypter Ransomware despite the installer's suggestive name.

Windows users at risk should refuse software updates for Flash or other widely-used products from unknown sources, particularly third-party websites or torrents. Malware researchers also recommend some general-purpose protections, like using strong passwords and turning off document macros, to counter brute-force hacks or drive-by-downloads. Still, even a perfectly secure PC should have backups on other devices for emergency data recovery.

A free decryption solution is available for the UpdateDecrypter Ransomware, which uses a static unlocking code (appropriately, 'password'). Most file-locking Trojans are more secure than that, and users should defend their files with that knowledge in mind. According to current sample statistics, anti-malware products from nearly every vendor will delete the UpdateDecrypter Ransomware.

The UpdateDecrypter Ransomware has many tidbits in its attacks that make it less than a simple copy of an open-source project. Koreans might have the most reasons for fearing it. Still, any Windows user who considers their files immune might find themselves sharply corrected by the lesson of a Trojan's encryption routine.
