In addition to the newer ransomware variants that appeared in August 2017, Uefi Ransomware is one that must not be underestimated. The virus pretends to encrypt the files on the computers it has compromised and demands that its victims send $350 to the Bitcoin address of the cyber-criminals behind the threat in order to decrypt them. If you have become a victim of the Uefi ransomware infection, we strongly advise you to read this article thoroughly.
| | Uefi Ransomware |
|---|---|
| Short Description | Encrypts the files on the computers it infects and demands a $350 ransom payment to get them back. |
| Symptoms | Changes the wallpaper on the infected computer and adds a decrypt.txt ransom note on the desktop of the victim PC. |
| Distribution Method | Spam e-mails, e-mail attachments, executable files |
How Does Uefi Ransomware Infect
Uefi Ransomware may be distributed in several ways, the main one most likely being e-mail spam. The e-mails that deliver Uefi ransomware may use malicious attachments or web links that trigger the infection. They typically come as different kinds of messages that present the malicious attachment as a legitimate document, such as:
- Confirmation letters.
- Bank account activity and balance sheets.
After the victim has been tricked into opening the fake attachment, the virus may immediately connect to a remote host and download the payload of Uefi ransomware.
Other ways to become a victim of this ransomware are downloading a fake setup file, key generator or another type of fake executable posing as legitimate software online.
Uefi Ransomware – Malicious Activity
Uefi ransomware should not be confused with the first ransomware virus of that name, which appeared in March 2017 and actually attacked the UEFI of the compromised PC.
Although the shared name might suggest that this ransomware was created by the people behind the original Uefi Ransomware virus, this malware has nothing to do with it.
After infection with this virus, you may find some of its payload files dropped under different names in the usually targeted Windows folders:
After dropping its files, the Uefi Ransomware virus may run them as hidden processes in Windows Task Manager. Since the files contain the various functions behind the activity of Uefi ransomware, executing them may result in the virus:
- Creating mutexes.
- Granting itself new permissions that give the virus administrative rights over your computer.
- Modifying the Windows Registry.
Regarding the Windows Registry, the malware may take advantage of the following sub-keys:
After this ransomware virus has finished its preparation phase, it may begin to make its presence known on the compromised computer and change its wallpaper to the following image:
In addition to this, a decrypt.txt file is dropped which has the following ransom note:
Your Files Are Encrypted By Uefi Ransomware!
In Order To Get Your Files Back
Please send 350$ worth of Bitcoin to this address:
Refer to decrypt.txt for further instructions.
Uefi Ransomware – Does It Encrypt Files
At the moment, it has been established that Uefi ransomware only pretends to encrypt files and does not actually perform any encryption on them. Instead, the malware aims to scare infected victims into paying a hefty ransom fee, as reported by malware researchers on Twitter:
— Leo (@leotpsc) August 7, 2017
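Because this family only claims to encrypt, the first thing a responder should do is check whether the files are really ciphertext before considering the ransom at all. The script below is an added example, not code from the original article or from the malware: it tests whether a file still carries a known header or is low-entropy (readable) content, and flags only files that look random. The sample contents, the signature list and the ".locked" file names are constructed for the demo; the malware is not reported to rename files.

```python
import math
import os
import tempfile
from collections import Counter

# Magic-byte prefixes for common document types (constructed, non-exhaustive list).
SIGNATURES = [b"\x89PNG\r\n\x1a\n", b"%PDF-", b"PK\x03\x04", b"\xff\xd8\xff"]

# Constructed sample contents standing in for files found on a "victim" machine.
SAMPLE_TXT = b"Quarterly report: revenue up 4%, costs flat, headcount unchanged.\n" * 20
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 4   # valid header, binary body
FAKE_CIPHERTEXT = bytes(range(256)) * 8                   # no header, entropy 8.0 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or compressed data, well below for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes, threshold: float = 6.5) -> str:
    """'intact' if a known header is present or the sample is low-entropy,
    otherwise 'suspicious' (header gone and content looks random)."""
    if any(data.startswith(sig) for sig in SIGNATURES):
        return "intact"
    return "intact" if shannon_entropy(data[:4096]) < threshold else "suspicious"


def scan_tree(root: str) -> dict:
    """Walk a directory and count files per verdict, reading only the first 4 KiB of each."""
    verdicts = Counter()
    for dirpath, _, names in os.walk(root):
        for name in names:
            with open(os.path.join(dirpath, name), "rb") as fh:
                verdicts[classify(fh.read(4096))] += 1
    return dict(verdicts)


def demo_scan() -> dict:
    """Write the constructed samples to a temp dir and scan them (2 intact, 1 suspicious)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in [("report.txt.locked", SAMPLE_TXT),
                           ("photo.png.locked", SAMPLE_PNG),
                           ("notes.docx.locked", FAKE_CIPHERTEXT)]:
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return scan_tree(tmp)


if __name__ == "__main__":
    print(demo_scan())
```

If a scan of the user's document folders reports everything as intact, the "encryption" is a bluff and the files can be kept as they are after the malware is removed.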
Remove Uefi Ransomware and Restore Files
Before beginning the removal process, it is always recommended to back up your files first. Then you can proceed with either the manual or the automatic removal instructions below. If you lack experience in manually removing ransomware like Uefi Ransomware, we strongly recommend following the automatic removal instructions below. Removing the Uefi ransomware virus may be easier than usual because it does not encrypt any files. For maximum effectiveness and faster removal, experts strongly advise using advanced anti-malware software, which aims to remove its malicious executable as well as its other supporting files completely.