UltraDeCrypter Virus – Decrypt Files for Free - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

UltraDeCrypter Virus – Decrypt Files for Free

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by UltraCrypter and other threats.
Threats such as UltraCrypter may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This material aims to help you remove UltraDeCrypter(Cryp1 or CryptXXX) Ransomware and decrypt encrypted files using the free decryptors.

During the holidays, a Christmas version of the UltraDeCrypter ransomware was just released and started infecting users. What is specific about this ransomware is that not only it encrypts important videos, music, documents, pictures and other files of the infected computer, but it also offers a Christmas discount on the ransom that is to be paid by the victims whose computers the virus attacks. In case you have become a victim of this ransomware, we strongly urge you not to fall for it’s “Cryptsmas” trap and follow the instructions on this article to restore your files.

Threat Summary

NameUltraCrypter
TypeRansomware
Short DescriptionUltraDeCrypter is the latest version of the CryptXXX ransomware. It will encrypt your files and ask money for decrypting them by using your personal ID.
SymptomsThe ransomware encrypts files with a .cryp1, .crypt or other extensions. It creates a ransom note and gives links to specific Onion sites, based on the Tor browser. It asks for payment to supposedly provide access to UltraDeCrypter program.
Distribution MethodEmail Attachments, Executable Files, Exploit Kits
Detection Tool See If Your System Has Been Affected by UltraCrypter

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss UltraCrypter.

UltraDeCrypter CryptXXX Virus – More Information

The .crypt, .cryp1 and other file extensions are used by this virus to encrypt the files on compromised computers. The malware has first come up using a .crypt file extension after encryption of the files and causing infection via malicious files spammed by e-mail. Later on, the virus came up with a 2.0 version that uses an unknown file extension and demanded $500 from it’s victims to pay. After a decryptor has been released for both versions, the ransomware came out in a 3.0 iteration which was decrypted by both Kaspersky and TrendMicro WhiteHats. The decryptors also worked for the latter version of the virus, renaming itself to Cryp1 ransomware. This virus, unlike the others used Angler Exploit Kit as well as Bedep Exploit Kit via malicious file attachments uploaded by e-mail. Here is a mixture of some of the ransom notes used by the viruses when the wallpapers of the victims were changed:

This damage is also done by this Christmas version of UltraDeCrypter ransomware which modifies the following registry entries:

→ HKLM/Software/Microsoft/WindowsNT/CurrentVersion/Winlogon/Shell
HKLM/Software/Microsoft/Windows/CurrentVersion/Run/
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

Similar to the previous versions of the ransomware, this UltraDeCrypter iteration may also attack the following file extensions to render them no longer openable by the user:

→ 3dm, .aes, .ARC, .asc, .asf, .asm, .asp, .avi, .bak, .bat, .bmp, .brd, .cgm, .class, .cmd, .cpp, .crt, .csr, .CSV, .dbf, .dch, .dcu, .dif, .dip, .djv, .djvu, .doc, .DOC, .docb, .docm, .docx, .DOT, .dotm, .dotx, .eml, .fla, .flv, .frm, .gif, .gpg, .hwp, .ibd, .jar, .java, .jpeg, .jpg, .key, .lay, .lay6, .ldf, .max, .mdb, .mdf, .mid, .mkv, .mml, .mov, .mp3, .mp4, .mpeg, .mpg, .ms11, .MYD, .MYI, .NEF, .obj, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .PAQ, .pas, .pdf, .pem, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .PPT, .pptm, .pptx, .psd, .qcow2, .rar, .raw, .RTF, .sch, .sldx, .slk, .sql, .SQLITE3, .SQLITEDB, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tar, .bz2, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vbs, .vdi, .vmdk, .vmx, .vob, .wav, .wks, .wma, .wmv, .xlc, .xlm, .xls, .XLS, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .zip, .zipx

After encryption the virus has also been reported to cause a deletion of the shadow volume copies on the affected computer, which are very important if you have set up backup on your Windows PC. This is achievable by performing the following command as administrator:

What is interesting is that this version of the virus asks for 0.5 BTC but it does it in a holiday spirit:

Source: Forcepoint

Fortunately for many, this version of UltraDeCrypter is now decryptable and it can be decrypted via either Kaspersky’s Rannoh decryptor or TrendMicro’s decryption tool. Whatever the case may be, we advise you to do this methodologically by following the instructions below for maximum effectiveness and safety.

Remove UltraCrypted and Decrypt Your Files

The first deed of the process is to remove this malware from your computer without harming Windows. You can manually delete the registry entries and malicious files if you have experience removing malware, but for maximum effectiveness researchers advise using an advanced anti-malware program to do it or following the removal manual below.

Note! Your computer system may be affected by UltraCrypter and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as UltraCrypter.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove UltraCrypter follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove UltraCrypter files and objects
2. Find files created by UltraCrypter on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by UltraCrypter

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...