Remove UnblockUPC Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum

Remove UnblockUPC Ransomware and Restore Encrypted Files


A new ransomware virus named UnblockUPC has been detected by malware researchers. It encrypts files with AES-128 encryption and asks for 0.18 BitCoins as ransom money. The virus infects computers via different methods, such as e-mail spam, after which it uses the above-mentioned cipher to encrypt the files on them. UnblockUPC also adds the enc prefix to the file names after it encrypts them. In addition to this, it adds a screenlock with a ransom note that accuses the user of downloading illegal files from the web and asks for a ransom payment to restore access to the files. Malware researchers strongly advise against paying the ransom money to cyber-criminals and suggest focusing on restoring the files using alternative methods, like the ones in the removal manual below, while researchers look for a decryption solution.

Threat Summary

Short Description: The ransomware encrypts files with an encryption cipher and asks a ransom payment of 0.18 BTC for decryption.
Symptoms: Files are encrypted with AES-128 bit encryption and become inaccessible, with an added “enc” prefix to their names. A ransom note with instructions for paying the ransom shows as a screenlock, and “Files encrypted.txt” and “uid.txt” files appear with similar instructions as well.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

UnblockUPC Ransomware – How Does It Infect

To cause a successful infection, the UnblockUPC virus may use a combination of different tools and techniques that let it reach a victim computer unnoticed. Such tools may be:

  • Exploit Kits.
  • Spam bots.
  • Malware obfuscators.
  • Malicious JavaScript.
  • File Joiners.
  • Disposable mail service.

Such tools may allow the malware to be spread in various forms, the main one being the UnblockUPC malicious executable sent to a user via e-mail as an attachment that seems to be legitimate. Usually most spam messages may include several different notifications such as:

  • “Open this invoice.”
  • “Please see the attachment below.”
  • “Your purchase is complete. See delivery details below.”

Such deceitful messages often get users to open the e-mail attachment, and that is the main goal of the cyber-criminals behind UnblockUPC ransomware.

Another method of infecting a given PC is having users download the virus themselves via torrents, just like the RAUM tool. Some even report that hackers have hacked accounts of torrent uploaders with a good reputation to conceal malware disguised as a legitimate torrent, like a game or useful software.
There are many methods by which UnblockUPC can spread, but the most likely technique may be via e-mail since 70% of ransomware viruses use this strategy simply because it is effective.

UnblockUPC Ransomware – In-Depth Analysis

As soon as this virus has infected your computer, UnblockUPC may connect to the cyber-criminals' command server and download all of its malicious files from there onto the infected computer. The virus targets the following folders and drops the following files:

→ In the %AppData% directory:
Local\Temp\{File with random letters and digits}
Roaming\Microsoft\Windows\Start Menu\Programs\Startup\einfo.exe
In the %UserProfile% directory:
Desktop\Files encrypted.txt
Documents\Files encrypted.txt
In %ProgramData%:
{random characters}.dat

Besides those files, UnblockUPC ransomware may create many other files as well, such as multiple copies of the Files encrypted.txt and uid.txt ransom notes.

Before encrypting the files of the victim PC, the UnblockUPC virus may automatically start the einfo.exe file, which may be the encryptor, since this file is reported to self-delete after encryption. The UnblockUPC virus looks for a wide variety of file extensions that are pre-programmed in its code. If detected, files with those extensions are encrypted with the strong AES-128 encryption algorithm. UnblockUPC primarily targets widely used types of files, like:

  • Videos.
  • Audio files.
  • Image files.
  • Microsoft Office files.
  • Adobe files.
  • Other files associated with widely used programs.

According to the malware researchers Demonslay335 and Grinler, the virus is also reported to add the ENC prefix to the enciphered files, for example:

→encNew Text Document.txt
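A triage check for the indicators listed above, as an added example that is not part of the original article or any vendor tool. It assumes the AppData folder sits directly under the user profile; the function names, the entropy threshold and the minimum sample size are hypothetical choices, and the entropy test is a heuristic that can also flag compressed files whose names happen to start with "enc".

```python
import math
import os
from collections import Counter
from pathlib import Path

# Indicators as listed in the article (matched case-insensitively).
STARTUP_DROPPER = Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/einfo.exe")
NOTE_NAMES = {"files encrypted.txt", "uid.txt"}
NOTE_DIRS = ("Desktop", "Documents")
ENC_PREFIX = "enc"
# Assumptions, not values from the article: AES output is close to 8 bits/byte,
# and fewer than 256 bytes is too little data to measure entropy reliably.
ENTROPY_THRESHOLD = 7.0
MIN_SAMPLE = 256


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the sample in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan_profile(user_profile, sample_size=65536):
    """Return the article's indicators found under one Windows user profile."""
    profile = Path(user_profile)
    hits = {"startup_dropper": [], "ransom_notes": [], "enc_files": []}
    dropper = profile / STARTUP_DROPPER
    if dropper.is_file():
        hits["startup_dropper"].append(dropper)
    for folder in NOTE_DIRS:
        for root, _dirs, files in os.walk(profile / folder):
            for name in files:
                path = Path(root) / name
                if name.lower() in NOTE_NAMES:
                    hits["ransom_notes"].append(path)
                elif name.lower().startswith(ENC_PREFIX):
                    try:
                        with open(path, "rb") as fh:
                            sample = fh.read(sample_size)
                    except OSError:
                        continue  # unreadable file: skip rather than abort the scan
                    # The prefix alone also matches "encyclopedia.txt", so require
                    # ciphertext-like content unless the file is too small to judge.
                    if len(sample) < MIN_SAMPLE or shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                        hits["enc_files"].append(path)
    return hits
```

Pass the path of a user profile (on a live system or a mounted disk image) to `scan_profile`; it only reads files and changes nothing on disk.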

Files that have been encrypted by UnblockUPC ransomware can no longer be opened with any type of software, except if the user pays the 0.18 BTC ransom money, according to the “Files encrypted.txt” ransom note:

→“ You used to download illegal files from the internet. Now all of your private files has been locked and encrypted!
To unblock them visit one of these websites:
Your UID: {Unique identifier}”

The UnblockUPC virus also adds a wallpaper-like image with the following notification:

→ Here you can unblock your files
You probably used to download illegal files from the internet…
Well, that’s why we encrypted all your private files on your computer.
But fortunately, you can unblock the for just… ~100 EURO (0.18 BTC)
I know, you probably don’t want to pay but believe me, its pretty good opportunity for you. We had access to all your private files, your email, Facebook, bank account, sometimes credit cards… And we only decided to encrypt your files and get 100 euros, we are not so bad!
There is no other way to unlock your files than paying us. If you want to do this, follow these steps:
1. First of all, we need to know your UID; it is your unique identification number; your unlock password is connected with these uid. It is located in uid.txt file on your Desktop or in My Documents/Documents folder.
2. Now you need to put your UID below, and press submit
This page will only work until {date} so better hurry up.
After {date} you won’t be able to unlock your files.”
Source: Infected Users

UnblockUPC Ransomware – Conclusion

The bottom line is that the UnblockUPC ransomware is a threat that is no joke, and it should be taken very seriously. Malware researchers are constantly working on developing free decryptors by reverse engineering malware samples like the ones from UnblockUPC. This is the main reason why it is advisable not to pay the decryption fee to cyber-crooks and to deal with the files and the virus yourself.

To remove UnblockUPC ransomware, it is recommended to follow the removal instructions below. They are divided into Manual and Automatic, and if you are not tech-savvy we recommend using the Automatic instructions because they will help you remove UnblockUPC completely at the click of a button.

To try and restore your files, we strongly suggest waiting until a decryptor for UnblockUPC has been released for your computer. Until then, you are welcome to try the less effective alternative decryption and file restoration tools in step “2. Restore files encrypted by UnblockUPC” below.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
