A new file-encrypting threat named Unlock26 Ransomware has been discovered by PC security analysts. It is a recently emerged ransomware that came to researchers' attention on 23 February 2017. It is named after the payment portal that its ransom note uses to collect money from victims. Its features are very similar to those of Hermes Ransomware, which was also found in the first week of February. Like most ransomware, it appears on the PC without the user’s knowledge and, once executed, starts scanning the system for files and folders to encrypt. It is still under security analysis, and it is not yet known whether the ransomware uses asymmetric or symmetric cryptography to lock the data on an infected computer. Once your files are encrypted, however, you can no longer access them.
Unlock26 Ransomware : Process of infection
After execution, Unlock26 Ransomware starts the b1Z7gfdX0.exe process to run on the compromised system. On Windows, files encrypted by this ransomware are shown with a blank white icon. Whenever you try to open one of those files, Windows displays an alert saying that the file is not recognized or is corrupted. According to experts, the ransomware assigns a different unique key to each user, and the files cannot be decrypted without the decryption key, which is stored by the criminals. It then encrypts data on local disks, mounted network shares, and removable and portable media. Infection samples of Unlock26 Ransomware reveal that the threat is designed to target the following file types:
Unlock26 Ransomware : What happens after infection?
After completing the encryption process, Unlock26 Ransomware drops a ransom note named “Readme-Q1u.html”. The note is placed on the desktop of the victim's computer or in the document library. It informs victims that their files have been encrypted and that, to learn how to decrypt them, they have to visit unlock26ozqwoyfv.hiddenservice.net. On the payment portal you are asked to pay 6 Bitcoin, which is currently equal to 7058 USD and 6661 EUR. Experts advise against paying the ransom, because there is a risk that you will lose your money and the attackers will ignore your request. Instead, you should remove Unlock26 Ransomware and use some other option to restore your files.
Unlock26 Ransomware : Distribution method
As stated above, research on this ransomware is still in progress, so its distribution method is not known. Experts assume that its developer may use the same popular methods used to distribute other ransomware, such as:
- Spam email campaigns : Spam email is among the most popular distribution methods for ransomware. The threat is attached to the email or linked in the email body. When the user opens the attachment, the threat is activated on the system.
- Software installers : In this method the ransomware executable is bundled with free or pirated software and is dropped onto the system during installation.
- Malicious redirects : Clicking on a malicious link or visiting an unsafe site can end with a malware script being downloaded.
Unlock26 Ransomware : Removal instructions
If your computer is infected with Unlock26 Ransomware, you must remove it at an early stage; otherwise it opens a backdoor on the system and invites other infections. There are two ways to remove it: manual or automatic. To remove it manually, use the following steps:
Step 1: Restart PC in Safe Mode with Networking
- Click the Start button, then click the Shutdown button.
- Click Restart and then click OK.
- Keep pressing the F8 key once your PC becomes active.
- This launches the Advanced Boot Options window.
Step 2 : Enable Hidden files and Folders
- Click the Start menu and select Folder Options.
- Then go to the advanced settings.
- Here, enable “Show hidden files and folders”.
- Mark the box if it is unmarked.
- Click Apply and then OK.
Step 3 : Stop the malicious process from Task Manager
- Press the Windows + R keys simultaneously.
- This opens the Run box on your screen.
- Type “taskmgr” and click the OK button.
- In the Processes tab, select the malicious process.
- Click End Process.
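The two indicators this article names, the b1Z7gfdX0.exe process and the Readme-Q1u.html ransom note, can also be checked from PowerShell. The script below is an added example, not part of the original removal guide; the function name Find-Unlock26Indicator is hypothetical, and limiting the search to the Desktop and Documents folders is an assumption taken from the locations mentioned above.

```powershell
# Added example: looks only for the two Unlock26 indicators named in this article.
# Find-Unlock26Indicator is a hypothetical helper name, not a vendor tool.
function Find-Unlock26Indicator {
    [CmdletBinding()]
    param(
        # Process image name from the article, without the .exe extension
        [string]$ProcessName = 'b1Z7gfdX0',
        # Ransom note file name from the article
        [string]$NoteName = 'Readme-Q1u.html',
        # Assumption: search only the locations the article mentions
        [string[]]$SearchRoot = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('MyDocuments')
        )
    )

    # Running processes whose name matches the reported executable
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    foreach ($p in $procs) {
        [pscustomobject]@{
            Type   = 'Process'
            Detail = $p.Path      # may be empty if the path is not readable
            Id     = $p.Id
        }
    }

    # Ransom notes dropped on the desktop or in the document library
    foreach ($root in $SearchRoot) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter $NoteName -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Type   = 'RansomNote'
                    Detail = $_.FullName
                    Id     = $null
                }
            }
    }
}

$findings = @(Find-Unlock26Indicator)
if ($findings.Count -eq 0) {
    Write-Output 'No Unlock26 indicators from this article were found.'
} else {
    $findings | Format-Table -AutoSize
    # To end a listed process instead of using Task Manager:
    # Stop-Process -Id <Id> -Force
}
```

The script matches only the exact names given in this article, so an empty result does not by itself show that the system is clean.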
If you are not an experienced user and have difficulty following the manual steps, don’t worry. It is recommended to use Free-scanner, which automatically removes Unlock26 Ransomware from your system.