Unikey Ransomware Virus – Decrypt .locked Files for Free

This article has been created to help you remove Unikey ransomware virus from your computer and restore .locked encrypted files.

A ransomware infection, based on the HiddenTear open source ransomware project has been reported by malware researchers to infect the computers of unsuspecting victims after which drop a READ_IT.txt ransom note in which it demands “bitcoins or kebab”. The virus files aim to perform multiple modifications to your documents and other important files, ending with the .locked file extension. Luckily, the Unikey virus is decryptable, because it is based on HiddenTear. If your computer has been infected by Unikey ransomware virus, we strongly suggest that you read this article to learn how to remove this virus and decrypt your files for free.

Threat Summary

Name

Unikey Ransomware

TypeRansomware
Short DescriptionBased on the HiddenTear ransomware project. Encrypts the files and then drops a ransom note. Possibly a joke ransomware

SymptomsFiles are encrypted with the .locked file extension and a ransom note READ_IT.txt is dropped on the infected PC.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by Unikey Ransomware

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss Unikey Ransomware.

Unikey Ransomware – More Information

The Unikey ransomware may infect your computer via several different methods:

  • Via spammed e-mails that spread either malicious e-mail attachments or web links that lead to the download of the malicious files.
  • Via unprotected RDP configuration.
  • Via web injectors.
  • Via fake system updates.
  • Via infected installers of software uploaded on suspicious software websites.

Whether it is via one way or another, the Unikey ransomware virus slips past Windows defenses which is most likely done via obfuscation software, allowing it to stay undetected. After infection, Unikey ransomware connects to foreign hosts from which it download It’s malicious executable file, named Unikey-Ransomware.exe, as reported in VirusTotal:

The Unikey ransomware virus also creates a folder on the desktop of the infected computer, called test. In it the virus drops it’s ransom note, named READ_IT.txt. It has the following rather funny ransom message, without leaving any contact information:

“Files has been encrypted with hidden tear
Send me some bitcoins or kebab
And I also hate night clubs, desserts, being drunk.”

Fortunately you won’t have to pay any ransom, even if you could, because this virus is decryptable. We have designed specific decryption instructions for all the HiddenTear ransomware variants, including Unikey. If you want to decrypt your files for free, we recommend you to follow the instructions below.

Unikey Ransomware Virus – Decryption Instructions

The decryption process of Unikey ransomware is not tech-savvy, but you will need to be prepared and follow the instructions below:

Step 1: Download the HiddenTear BruteForcer by clicking on the button below and open the archive:

Download

HiddenTear Bruteforcer


1-hidden-tear-bruteforcer-download-sensorstechforum

Step 2: Extract the program onto your Desktop or wherever you feel comfortable to easily access it and open it as an administrator:

2-hidden-tear-bruteforcer-extract-sensorstechforum

Step 3: After opening it, you should see the main interface of the brute force. From there, choose “Browser Sample” to select a sample encrypted file of the type of ransomware you are trying to decrypt:

3-Hiddentear-sensorstechforum-bruteforcer-main-panel

Step 4: After this select the type of ransomware from the down-left expanding menu:

4-hidden-tear-choose-ransowmare-variant-sensorstechforum

Step 5: Click on the Start Bruteforce button. This may take some time. After the brute forcing is finished and the key is found, copy it and save it somewhere on your PC in a .txt file, you will need it later.

Step 6: Download the HiddenTear Decryptor from the download button below:

Download

HiddenTear Decrypter

Step 7: Extract it and open it, the same way with HiddenTear Bruteforcer. From it’s primary interface, paste the key copied from the BruteForcer, write the type of extension being used by the ransomware and click on the Decrypt button as shown below:

5-hiddentear-decrypter-password-decrypt-sensorstechforum

After these steps have been completed, you should immediately copy your files to an external device so that they are safe. After this has been done, we strongly recommend completely wiping your drives and reinstalling Windows on the affected machine.

Unikey Ransomware Decryption – Conclusion

Ransomware infections, such as Unikey are becoming more and more often met. The security experts often publish multiple projects and make them accessible for free with the goal to fight back the ransomware menace. However, coders of ransomware viruses often utilize the deep web to sell their viruses to multiple other vendors who spread them further. Since the ransomware menace is ever-expanding, we only expect this trend to increase. This is why we recommend you to follow these beneficial advices that may just save your computer one day:

Advice 1: Make sure to read our general protection tips and try to make them your habit and educated others to do so as well.
Advice 2: Install an advanced anti-malware program that has an often updated real-time shield definitions and ransomware protection.

Download

Malware Removal Tool


Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Advice 3: Seek out and download specific anti-ransomware software which is reliable.

Advice 4: Backup your files using one of the methods in this article.

Advice 5: : Make sure to use a secure web browser while surfing the world wide web.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.