Ransomware virus reported to set the .uccu file extension on the files it has encrypted has been detected in different places around the globe. It is a mystery what “uccu” stands for, but one detail is confirmed – this specific ransomware uses a strong AES encryption algorithm. In addition to that the virus, has a very wide scope of the type of files it encrypts and its origins are so far a mystery. All users who have been affected by UCCU Ransomware should NOT pay any ransom money requested in its note and remove the virus using an advanced anti-malware tool. To revert any .uccu files, so far a decryptor has not been developed, but you can check this article for alternative solutions regarding partial file restoration.
|Short Description||The ransomware encrypts files with the strong AES cipher and asks a ransom payment for decryption.|
|Symptoms||Files are enciphered and become inaccessible. A ransom note with instructions for paying the ransom may appear on the user’s computer.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks.|
|Detection Tool|| See If Your System Has Been Affected by UCCU |
Malware Removal Tool
|User Experience||Join our forum to Discuss Locky Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
UCCU Ransomware – Methods of Infection
For UCCU Ransomware to successfully infect users with high success rate, it may use several tools that assist in the process of masking its files and slipping past undetected:
- Program obfuscators.
- Exploit Kits.
- Redirecting URLs.
- File archives.
Such tools not only allow for the malicious executable to run with escalated privileges and unnoticed but they also give the cyber-criminals many possibilities, like spreading it via spam e-mails with web links like the example below:
UCCU Ransomware – In Depth Analysis
As soon as its payload is dropped on the infected computer, it may be located in one of the following Windows folders:
- %User’s Profile%
The executable of the malware may have the following rather vulgar name:
In addition to that, UCCU Ransomware may create a registry entry in the RUN and RUNONCE keys for the “f*ckgod_jesu_crypt” executable file to start along with Windows and begin encrypting files. The Run and RunOnce keys in which this value string may be located are the following:
In addition to that, UCCU may delete the Shadow Copies of the infected computer, by executing the vssadmin command with one of its many parameters, for example:
The encryption process has a wide scope of files which are targeted. The most used file extensions are encrypted, but the ransomware evades the file extensions which contain important files that can break Windows. The file types targeted are the following:
In addition to that, the ransomware may perform other activities, like:
- Hide the encrypted files from the user.
- Leave a .txt file, picture or an HTML file which contain instructions on how to pay the ransom in Bitcoin.
Remove UCCU Ransomware and Restore Your Encoded Files
To fully delete this ransomware virus from your computer, we advise you to take into consideration that it may have also created other files on your computer when manually removing it. For maximum effectiveness, experts recommend using a more automatic approach – an advanced anti-malware scanner which will automatically, safely and effectively eradicated UCCU Ransomware from your PC.
If you wish to decrypt your files, follow this article – we will update it at its start (above) as soon as there is a working decryptor released for free. In the meantime, you may want to try using the methods in step “3. Restore files encrypted by UCCU” below. They are no guarantee that you will get any files back, but some users have reported recovering at least a minimal portion of the files using them.