
Remove UnblockUPC Ransomware and Restore Encrypted Files

A new ransomware virus, named UnblockUPC, has been detected by malware researchers. It encrypts files with AES-128 encryption and asks for 0.18 BitCoins as ransom money. The virus infects computers via different methods, such as e-mail spam, after which it uses the above-mentioned cipher to encrypt the files on them. UnblockUPC also adds the enc prefix to the file names after it encrypts them. In addition to this, it adds a screenlock with a ransom note that accuses the user of downloading illegal files from the web and asks for a ransom payment to restore access to the files. Malware researchers strongly advise against paying the ransom money to cyber-criminals and suggest focusing on restoring the files using alternative methods, like the ones in the removal manual below, while researchers work on a decryption solution.

Threat Summary

Name: UnblockUPC
Type: Ransomware
Short Description: The ransomware encrypts files with an encryption cipher and asks a ransom payment of 0.18 BTC for decryption.
Symptoms: Files are encrypted with AES-128 bit encryption and become inaccessible with an added “enc” suffix to their names. A ransom note with instructions for paying the ransom shows as a screenlock, and “Files Encrypted.txt” and “uid.txt” files appear with similar instructions as well.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

UnblockUPC Ransomware – How Does It Infect

To infect a system successfully, the UnblockUPC virus may combine different tools and techniques that let it reach a victim's computer unnoticed. Such tools may be:

  • Exploit Kits.
  • Spam bots.
  • Malware obfuscators.
  • Malicious JavaScript.
  • File Joiners.
  • Disposable mail service.

Such tools may allow the malware to be spread in various forms, the main one being UnblockUPC's malicious executable sent to a user via e-mail as an attachment that seems to be legitimate. Spam messages usually include notifications such as:

  • “Open this invoice.”
  • “Please see the attachment below.”
  • “Your purchase is complete. See delivery details below.”

Such deceitful messages often get users to open the e-mail attachment, and that is the main goal of the cyber-criminals behind UnblockUPC ransomware.

Another way this virus may infect a given PC is by having users download it themselves via torrents, just like the RAUM tool. Some even report that hackers have taken over the accounts of torrent uploaders with a good reputation to pass off malware as a legitimate torrent, like a game or useful software.
There are many methods by which UnblockUPC can spread, but the most likely technique may be via e-mail since 70% of ransomware viruses use this strategy simply because it is effective.

UnblockUPC Ransomware – In-Depth Analysis

As soon as it has infected your computer, UnblockUPC may connect to the cyber-criminals' command server and then download all of the virus's malicious files from it onto the infected computer. The virus targets the following folders and drops the following files:

→ In the %AppData% directory:
    Local\Temp\{File with random letters and digits}
    Roaming\Microsoft\Windows\Start Menu\Programs\Startup\einfo.exe
    Roaming\uid.txt
    Local\Temp\einfo.exe
→ In the %UserProfile% directory:
    Desktop\decryptor.exe
    Desktop\uid.txt
    Desktop\Files encrypted.txt
    Documents\Files encrypted.txt
    Documents\decryptor.exe
    Documents\uid.txt
→ In %ProgramData%:
    uid.txt
    encfiles.log
    encinfor.jpg
    {random characters}.dat

Besides those files, UnblockUPC ransomware may create many other files as well, such as multiple copies of the Files encrypted.txt and uid.txt ransom notes.

Before encrypting the files of the victim PC, the UnblockUPC virus may automatically start the einfo.exe file, which may be the encryptor, since this file is reported to self-delete after encryption. The UnblockUPC virus looks for a wide variety of file extensions that are pre-programmed in its code. If detected, files with those extensions are encrypted with the strong AES-128-bit encryption algorithm. UnblockUPC primarily targets widely used types of files to encipher, like:

  • Videos.
  • Audio files.
  • Image files.
  • Microsoft Office files.
  • Adobe files.
  • Other files associated with widely used programs.

According to the malware researchers Demonslay335 and Grinler, the virus is also reported to add the ENC prefix to the enciphered files, for example:

→encNew Text Document.txt
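
The dropped-file locations and the "enc" prefix described above can be checked on a suspect machine with a short triage script. This is an added example, not code from the original article or from the researchers it cites; the `scan` function, its dictionary keys and the base directories passed to it are assumptions of the example, and only the fixed-name files from the list above are matched (the randomly named ones are skipped).

```python
import os
from pathlib import Path

# Fixed-name artifacts from the article's list, relative to each base directory.
ARTIFACTS = {
    "appdata": [
        r"Roaming\Microsoft\Windows\Start Menu\Programs\Startup\einfo.exe",
        r"Roaming\uid.txt",
        r"Local\Temp\einfo.exe",
    ],
    "userprofile": [
        r"Desktop\decryptor.exe", r"Desktop\uid.txt", r"Desktop\Files encrypted.txt",
        r"Documents\decryptor.exe", r"Documents\uid.txt", r"Documents\Files encrypted.txt",
    ],
    "programdata": ["uid.txt", "encfiles.log", "encinfor.jpg"],
}

def _lookup(base: Path, rel: str):
    """Resolve rel under base ignoring case, as a Windows file system would."""
    cur = base
    for part in rel.split("\\"):
        if not cur.is_dir():
            return None
        match = [p for p in cur.iterdir() if p.name.lower() == part.lower()]
        if not match:
            return None
        cur = match[0]
    return cur if cur.is_file() else None

def scan(bases: dict) -> dict:
    """Report fixed-name artifacts and, if any exist, 'enc'-prefixed user files."""
    hits = [f"%{key}%\\{rel}"
            for key, rels in ARTIFACTS.items()
            for rel in rels if _lookup(Path(bases[key]), rel)]
    enc = []
    # The prefix alone also matches benign names (e.g. encyclopedia.txt),
    # so prefixed files are listed only when a fixed artifact corroborates them.
    if hits:
        for root, _, files in os.walk(bases["userprofile"]):
            enc += [os.path.join(root, f) for f in files
                    if f.lower().startswith("enc")]
    return {"artifacts": hits, "enc_prefixed": sorted(enc)}

if __name__ == "__main__":
    # Assumption: %AppData% in the article means <profile>\AppData.
    home = os.environ.get("USERPROFILE", str(Path.home()))
    print(scan({"appdata": os.path.join(home, "AppData"), "userprofile": home,
                "programdata": os.environ.get("PROGRAMDATA", r"C:\ProgramData")}))
```

The prefixed-file list is a set of candidates for restoration from backup, not proof that each file is encrypted.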

Files that have been encrypted by UnblockUPC ransomware can no longer be opened with any type of software, except if the user pays the 0.18 BTC ransom money, according to the “Files encrypted.txt” ransom note:

→“ You used to download illegal files from the internet. Now all of your private files has been locked and encrypted!
To unblock them visit one of these websites:
http://unblockupc.xyz
http://unblockupc.in
http://unblockupc.club
http://moscovravir.ru
http://213.167.243.215
http://185.45.192.17
Your UID: {Unique identifier}”

The UnblockUPC virus also adds a wallpaper-like image with the following notification:

→ Here you can unblock your files
You probably used to download illegal files from the internet…
Well, that’s why we encrypted all your private files on your computer.
But fortunately, you can unblock the for just… ~100 EURO (0.18 BTC)
I know, you probably don’t want to pay but believe me, its pretty good opportunity for you. We had access to all your private files, your email, Facebook, bank account, sometimes credit cards… And we only decided to encrypt your files and get 100 euros, we are not so bad!
There is no other way to unlock your files than paying us. If you want to do this, follow these steps:
1. First of all, we need to know your UID; it is your unique identification number; your unlock password is connected with these uid. It is located in uid.txt file on your Desktop or in My Documents/Documents folder.
2. Now you need to put your UID below, and press submit
This page will only work until {date} so better hurry up.
After {date} you won’t be able to unlock your files.” Source: Infected Users

UnblockUPC Ransomware – Conclusion

As a bottom line, the UnblockUPC Ransomware is a threat that is no joke, and it should be taken very seriously. Malware researchers are constantly working on developing free decryptors by reverse engineering malware samples like the ones from UnblockUPC. This is the main reason why it is advisable not to pay the decryption fee to cyber-crooks and to deal with the files and the virus yourself.

To remove UnblockUPC ransomware, it is recommended to follow the removal instructions below. They are divided into Manual and Automatic, and if you are not tech savvy we recommend using the Automatic instructions because they will help you remove UnblockUPC completely at the click of a button.

To try and restore your files, we strongly suggest waiting until a decryptor for UnblockUPC has been released for your computer. Until then, you are welcome to try the not as effective alternative decryption and file restoration tools in step “2. Restore files encrypted by UnblockUPC” below.

Manually delete UnblockUPC from your computer

Note! Important notice about the UnblockUPC threat: Manual removal of UnblockUPC requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove UnblockUPC files and objects
2. Find malicious files created by UnblockUPC on your PC

Automatically remove UnblockUPC by downloading an advanced anti-malware program

1. Remove UnblockUPC with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by UnblockUPC
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
