Home Malware Programs Ransomware Urs Ransomware

Urs Ransomware

Posted: March 3, 2021

The Urs Ransomware is a variant of the Dharma Ransomware. This new version of one of the most active and threatening ransomware families, the Dharma Ransomware family is being spread online actively, and its creators are using a wide range of tricks to deliver the payload to potential victims – corrupted emails, fake downloads, pirated content, etc. Once the Urs Ransomware is executed on an unprotected system, it may begin encrypting files immediately. Just like other file-lockers, this one also targets a long list of file extensions to maximize the damage it causes – some of the commonly locked files are images, media, archives, documents and more. When it locks a file, the ransomware will append the '.id-<VICTIM ID>.[necurs@aol.com].urs' extension to files.

Unfortunately, the Urs Ransomware's encryption is impossible to crack, and users need to look into alternative data recovery options. We assure you that trying to contact the attackers for help is futile – they will not help unless you agree to pay them a few hundred dollars through cryptocurrency. Their preferred payment option is Bitcoin, so it would be impossible for victims to reverse the transaction. Needless to say, users who pay are likely to end up being tricked, so this is certainly not the recommended course of action.

The full ransom message of Urs Ransomware's creators can be found in the window 'necurs@aol.com' that the ransomware will spawn after the attack, or in the document 'FILES ENCRYPTED.txt.' You should not contact them and, instead, you should eliminate the Urs Ransomware with the use of an up-to-date anti-virus scanner. Once the ransomware is gone, you will need to recover the damaged files from a backup or use other data recovery options.

Related Posts

Loading...