Remove UnblockUPC Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove UnblockUPC Ransomware and Restore Encrypted Files


A new ransomware virus named UnblockUPC has been detected by malware researchers. It encrypts files with AES-128 encryption and asks for 0.18 BitCoins as ransom. The virus infects computers via different methods, such as e-mail spam, after which it uses the above-mentioned cipher to encrypt the files on them. UnblockUPC also adds the enc prefix to file names after it encrypts them. In addition to this, it adds a screenlock with a ransom note that accuses the user of downloading illegal files from the web and demands a ransom payment to restore access to the files. Malware researchers strongly advise against paying the ransom to cyber-criminals and recommend focusing on restoring the files using alternative methods, like the ones in the removal manual below, while researchers work on discovering a decryption solution.

Threat Summary

Name: UnblockUPC
Type: Ransomware
Short Description: The ransomware encrypts files with an encryption cipher and asks for a ransom payment of 0.18 BTC for decryption.
Symptoms: Files are encrypted with AES-128 bit encryption and become inaccessible with an added “enc” suffix to their names. A ransom note with instructions for paying the ransom shows as a screenlock, and “Files Encrypted.txt” and “uid.txt” files appear with similar instructions as well.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

UnblockUPC Ransomware – How Does It Infect

To cause a successful infection, the UnblockUPC virus may use a combination of different tools and techniques that allow it to slip onto a victim’s computer unnoticed. Such tools may be:

  • Exploit Kits.
  • Spam bots.
  • Malware obfuscators.
  • Malicious JavaScript.
  • File Joiners.
  • Disposable mail service.

Such tools may allow the malware to be spread in various forms, the main one being UnblockUPC’s malicious executable sent to a user via e-mail as an attachment that seems to be legitimate. Usually, most spam messages may include notifications such as:

  • “Open this invoice.”
  • “Please see the attachment below.”
  • “Your purchase is complete. See delivery details below.”

Such deceitful messages often get users to open the e-mail attachment, and that is the main goal of the cyber-criminals behind UnblockUPC ransomware.

Another way this virus can infect a given PC is when users download it themselves via torrents, just like the RAUM tool. Some even report that hackers have hacked accounts of torrent uploaders with a good reputation to conceal malware disguised as a legitimate torrent, like a game or useful software.
There are many methods by which UnblockUPC can spread, but the most likely technique may be via e-mail since 70% of ransomware viruses use this strategy simply because it is effective.

UnblockUPC Ransomware – In-Depth Analysis

As soon as it has infected your computer, UnblockUPC may connect to the cyber-criminals’ command server and download all of the virus’s malicious files from there onto the infected computer. The virus targets the following folders and drops the following files:

In the %AppData% directory:
  Local\Temp\{File with random letters and digits}
  Roaming\Microsoft\Windows\Start Menu\Programs\Startup\einfo.exe
  Roaming\uid.txt
  Local\Temp\einfo.exe

In the %UserProfile% directory:
  Desktop\decryptor.exe
  Desktop\uid.txt
  Desktop\Files encrypted.txt
  Documents\Files encrypted.txt
  Documents\decryptor.exe
  Documents\uid.txt

In %ProgramData%:
  uid.txt
  encfiles.log
  encinfor.jpg
  {random characters}.dat

Besides those files, UnblockUPC ransomware may create many other files as well, such as multiple copies of the Files encrypted.txt and uid.txt ransom notes.

Before encrypting the files on the victim PC, the UnblockUPC virus may automatically start the einfo.exe file, which may be the encryptor, since this file is reported to self-delete after encryption. The UnblockUPC virus looks for a wide variety of file extensions pre-programmed in its code. Files with matching extensions are encrypted with the strong AES-128-bit encryption algorithm. UnblockUPC primarily targets widely used types of files, like:

  • Videos.
  • Audio files.
  • Image files.
  • Microsoft Office files.
  • Adobe files.
  • Other files associated with widely used programs.

According to the malware researchers Demonslay335 and Grinler, the virus is also reported to add the ENC prefix to the enciphered files, for example:

encNew Text Document.txt
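
One way to check a Windows profile for the dropped files and the enc prefix described above, as an added example that is not part of the original article. The function names and the `roots` mapping are assumptions made for this example, and %AppData% is read as the folder that contains Local and Roaming.

```python
import os
from pathlib import Path

# Relative paths copied from the article's list of dropped files. The randomly
# named Temp file and the {random characters}.dat file cannot be matched by name.
ARTIFACTS = {
    "appdata": [  # assumption: the folder that holds Local and Roaming
        "Roaming/Microsoft/Windows/Start Menu/Programs/Startup/einfo.exe",
        "Roaming/uid.txt",
        "Local/Temp/einfo.exe",
    ],
    "userprofile": [
        "Desktop/decryptor.exe", "Desktop/uid.txt", "Desktop/Files encrypted.txt",
        "Documents/Files encrypted.txt", "Documents/decryptor.exe", "Documents/uid.txt",
    ],
    "programdata": ["uid.txt", "encfiles.log", "encinfor.jpg"],
}
NOTE_NAME = "files encrypted.txt"

def find_artifacts(roots):
    """Return the sorted paths of listed dropped files that exist under `roots`."""
    hits = []
    for key, relative_paths in ARTIFACTS.items():
        for rel in relative_paths:
            candidate = Path(roots[key]) / rel
            if candidate.is_file():
                hits.append(str(candidate))
    return sorted(hits)

def find_encrypted_dirs(top):
    """Map each folder holding the ransom note to its files with the enc prefix."""
    # A bare "enc" prefix also matches harmless names, so a folder is reported
    # only when the ransom note sits next to the renamed files.
    found = {}
    for dirpath, _dirs, files in os.walk(top):
        if any(name.lower() == NOTE_NAME for name in files):
            found[dirpath] = sorted(n for n in files if n.startswith("enc"))
    return found

if __name__ == "__main__" and os.name == "nt":
    roots = {  # built from standard Windows environment variables
        "appdata": Path(os.environ["LOCALAPPDATA"]).parent,
        "userprofile": os.environ["USERPROFILE"],
        "programdata": os.environ["PROGRAMDATA"],
    }
    for hit in find_artifacts(roots):
        print("dropped file:", hit)
    for folder, names in find_encrypted_dirs(roots["userprofile"]).items():
        print(f"{folder}: ransom note plus {len(names)} enc-prefixed file(s)")
```

Since einfo.exe is reported to self-delete after encryption, its absence does not mean a machine is clean; the ransom notes and uid.txt copies are the more durable markers.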

Files that have been encrypted by UnblockUPC ransomware can no longer be opened with any type of software, except if the user pays the 0.18 BTC ransom money, according to the “Files encrypted.txt” ransom note:

“You used to download illegal files from the internet. Now all of your private files has been locked and encrypted!
To unblock them visit one of these websites:
http://unblockupc.xyz
http://unblockupc.in
http://unblockupc.club
http://moscovravir.ru
http://213.167.243.215
http://185.45.192.17
Your UID: {Unique identifier}”

The UnblockUPC virus also adds a wallpaper-like image with the following notification:

“Here you can unblock your files
You probably used to download illegal files from the internet…
Well, that’s why we encrypted all your private files on your computer.
But fortunately, you can unblock the for just… ~100 EURO (0.18 BTC)
I know, you probably don’t want to pay but believe me, its pretty good opportunity for you. We had access to all your private files, your email, Facebook, bank account, sometimes credit cards… And we only decided to encrypt your files and get 100 euros, we are not so bad!
There is no other way to unlock your files than paying us. If you want to do this, follow these steps:
1. First of all, we need to know your UID; it is your unique identification number; your unlock password is connected with these uid. It is located in uid.txt file on your Desktop or in My Documents/Documents folder.
2. Now you need to put your UID below, and press submit
This page will only work until {date} so better hurry up.
After {date} you won’t be able to unlock your files.”
Source: Infected Users

UnblockUPC Ransomware – Conclusion

As a bottom line, the UnblockUPC ransomware is a threat that is no joke, and it should be taken very seriously. Malware researchers are constantly working on developing free decryptors by reverse engineering malware samples like the ones from UnblockUPC. This is the main reason why it is advisable not to pay the decryption fee to cyber-crooks and to deal with the files and the virus yourself.

To remove UnblockUPC ransomware, it is recommended to follow the removal instructions below. They are divided into Manual and Automatic, and if you are not tech savvy we recommend using the Automatic instructions because they will help you remove UnblockUPC completely at the click of a button.

To try and restore your files, we strongly suggest waiting until a decryptor for UnblockUPC has been released for your computer. Until then, you are welcome to try the less effective alternative decryption and file restoration tools in step “2. Restore files encrypted by UnblockUPC” below.


To remove UnblockUPC follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove UnblockUPC files and objects
2. Find files created by UnblockUPC on your PC

IMPORTANT!
Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by UnblockUPC

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
