UpdateHost ransomware is a recent ransomware that belongs to the crypto-malware family. This file-encrypting threat came to the attention of malware researchers on 6 February 2017. According to researchers, it is one of the ransomware variants created under the Hidden Tear project. File-encrypting threats developed under the Hidden Tear project are a bane for users who are not in the habit of creating backups. To encrypt the data on a targeted computer, it uses one of the most sophisticated encryption algorithms, which is known as the asymmetric AES cipher. So if you are among the unfortunate users whose files have been encrypted by this threat, you cannot access your files without the private key. The hackers behind this ransomware also remove the private key and delete the shadow volume copies, so that victims cannot decrypt their files.
UpdateHost ransomware: Process of encryption
After successful execution, UpdateHost ransomware makes entries in the Windows registry that let it start automatically every time the system starts. Right after its invasion, it begins scanning all the available files and folders on the infected computer in order to encrypt the data. Encrypted files are easy to recognize because the ransomware appends the “.locked” extension to every enciphered file. The attack can be devastating, especially if the user has not created a backup of their files. An updated version of this ransomware, known as the updatehost.exe file, has also been released and is also a dangerous threat. The UpdateHost ransomware is capable of locking data containers with the following extensions:
UpdateHost ransomware: The ransom note
Like most Hidden Tear variants, UpdateHost ransomware drops a ransom note on the victim’s desktop, presented as ‘READ_IT.txt’. However, the ransom note does not contain detailed information such as the ransom amount or the number of files encrypted. It only instructs victims to contact the “firstname.lastname@example.org” email address. As advised by experts, users should not try to contact the given address, because the criminals will demand that the victim pay a certain amount of ransom in exchange for the decryption key, and there is no assurance that they will hand over the private key even after the ransom is paid. Here is a snap of the ransom note:
In addition, UpdateHost ransomware causes other damage to the infected computer. It creates a backdoor that allows other infections to attack the system. Besides that, it also infects other devices connected to the compromised PC. So if you do not want to face these problems in the future, remove UpdateHost ransomware now. Different antivirus vendors detect this threat under different names, such as:
- Trojan-Ransom.HiddenTear (A)
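The on-disk indicators described above (the “.locked” extension, the READ_IT.txt note and the updatehost.exe file) can be collected with a read-only scan of a volume, mounted disk image or network share. The script below is an added example, not code from the original article or from any vendor; the function name `triage` is hypothetical, and reading the modification times of encrypted files as the encryption window is an assumption.

```python
"""Read-only triage for the on-disk indicators named in the article."""
import os
from collections import Counter
from datetime import datetime, timezone

LOCKED_EXT = ".locked"           # extension appended to encrypted files
NOTE_NAME = "read_it.txt"        # ransom note, compared case-insensitively
PAYLOAD_NAME = "updatehost.exe"  # executable name mentioned in the article


def triage(root):
    """Walk root (live volume, mounted image or share) without modifying it."""
    locked, notes, payloads, mtimes = [], [], [], []
    by_type = Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower == PAYLOAD_NAME:
                payloads.append(path)
            elif lower.endswith(LOCKED_EXT) and lower != LOCKED_EXT:
                locked.append(path)
                # "report.docx.locked" -> ".docx": which data types were hit
                inner = os.path.splitext(lower[:-len(LOCKED_EXT)])[1]
                by_type[inner or "(none)"] += 1
                try:
                    mtimes.append(os.stat(path).st_mtime)
                except OSError:
                    pass  # unreadable entry: still counted, just not timed
    window = None
    if mtimes:
        # Assumption: mtimes of encrypted files bound the encryption run.
        window = tuple(datetime.fromtimestamp(t, timezone.utc)
                       for t in (min(mtimes), max(mtimes)))
    return {"locked": sorted(locked), "notes": sorted(notes),
            "payloads": sorted(payloads), "by_type": dict(by_type),
            "window_utc": window}


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(result["locked"]), "encrypted files by type:", result["by_type"])
    print("encryption window (UTC):", result["window_utc"])
    for key in ("notes", "payloads"):
        for path in result[key]:
            print(f"{key[:-1]}: {path}")
```

The per-type counts show which data needs restoring from backup, and the time window narrows the search through event logs and mail gateway records for the initial execution.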
How is UpdateHost ransomware distributed?
Ransomware can travel through various methods, but it is usually distributed via spam email campaigns. Criminals send an email that is disguised as legitimate and contains a common attachment type such as doc or pdf. In reality, the attachment contains the ransomware executable, which activates the threat once you open the attachment. Besides that, the payload of this ransomware is also distributed on file-sharing and social media networks. So if you want to prevent a ransomware attack, you must be very careful with these things.
Removal guide for UpdateHost ransomware
The ransomware must be removed from the system, otherwise it will keep creating problems. To remove it yourself, you can use the following manual removal steps:
Step 1: Restart your PC in Safe Mode with Networking
- Click on the Start button > click the Shutdown button.
- After that, click on Restart and click OK.
- Keep pressing the F8 key once your PC becomes active.
- This launches the Advanced Boot Options window.
Step 2: Remove suspicious files from Control Panel
- Close all programs and select Control Panel.
- Now choose the uninstall a program and features option.
- Here you will see all the installed programs.
- Find the programs related to UpdateHost ransomware.
- Click on the Uninstall option to remove them.
Step 3: Stop the malicious process from Task Manager
- Press the Windows logo + R keys simultaneously.
- This launches the Run box on your screen.
- Now type “taskmgr” and click on the OK button.
- In the Process tab, select the malicious process.
- Click on the End process tab.
Threats like ransomware create malicious files that are not possible to recognize and remove manually. So for the complete removal of UpdateHost ransomware, go through automatic removal.