$ucyLocker Ransomware

Posted by Max Lehmann on June 19, 2017

What is $ucyLocker Ransomware?

$ucyLocker Ransomware (also known as SucyLocker Ransomware) is a harmful malicious application detected by our experienced researchers at the beginning of June, 2017. The fact that it has been detected recently suggests that it is a new ransomware-type infection which is not very popular yet. Everything might change soon, of course. Ransomware infections are malicious applications developed by cyber criminals to extract money from users, and, unfortunately, we cannot say that $ucyLocker Ransomware is different. After its malicious file VapeHacksLoader.exe is launched, it starts working on a victim’s computer. It finds where users’ files are located first and only then encrypts them. In this sense, it does not differ much from other ransomware-type infections based on the Hidden-Tear engine. Do not give the developer of this nasty infection a cent and hurry to delete $ucyLocker Ransomware from your computer so that it could not lock your files one more time. This malicious application not only encrypts files, but also disables Task Manager. Evidently, it tries to make it harder to remove it. Do not worry; after getting rid of the ransomware infection, you could restore its functionality.

What does $ucyLocker Ransomware do?

Without a doubt, $ucyLocker Ransomware enters computers to encrypt files and obtain money from innocent users, so its starts the encryption process soon after slithering onto the system successfully. It mainly locks text files; however, if you cannot open other files (e.g. pictures, videos, music, etc.) too, it is very likely that they have all been encrypted by $ucyLocker Ransomware. Those files it locks receive a new extension .WINDOWS, but their original names are left unchanged, for example, textfile.txt.WINDOWS. When files get this extension and can no longer be accessed, the main program window is opened on Desktop. In addition, a new file READ_IT.txt is created. It tells that users’ files have been encrypted and they need to “Read the Program for more information.” The main ransomware window opened on Desktop tells users a little bit more. It becomes clear immediately that cyber criminals require 0.16 Bitcoin in exchange for files. The amount of money required has to be sent in Bitcoins to the provided Bitcoin address. Do not send them money no matter how badly you need your files back. According to specialists at anti-spyware-101.com, users have to delete the ransomware infection from their computers no matter what they decide regarding the payment. At the time of writing, a free tool for decrypting files does not exist; however, it might be released one day, so do not hurry to delete those encrypted files.

Where does $ucyLocker Ransomware come from?

Although $ucyLocker Ransomware is not one of those prevalent ransomware infections, it might still show up on users’ computers without permission. Two deceptive methods are used to spread it, our specialists have revealed. First, like other ransomware infections, it might be distributed in spam emails. It is one of the most frequently used ransomware distribution methods, but it is surely not the only one. If users download software from suspicious pages, they might allow $ucyLocker Ransomware to enter their PCs without even realizing that too. After the successful entrance, the encryption of files takes place and Task Manager is disabled. Also, users find a new window on Desktop and a ransom note created on their computers. Honestly speaking, it is not that easy to prevent such harmful infections as ransomware from entering systems because they are sneaky threats, and they can easily hide from users. Luckily, we know a way to prevent ransomware infections from entering computers. All users must have an enabled security application on their computers. It does not mean that they can continue downloading programs from suspicious sources after installing security software on their computers.

How to delete $ucyLocker Ransomware

It should not be that hard to remove $ucyLocker Ransomware from the system because it does not make many modifications on affected computers. In fact, you will only need to delete recently downloaded malicious files and a file READ_IT.txt created on Desktop. Unfortunately, we cannot say that it will be easy to enable Task Manager, which was disabled by the ransomware infection. We want you to know that you can fully delete the ransomware infection from your computer automatically too – you need to perform only one system scan with a reputable scanner.

$ucyLocker Ransomware removal guide

Remove the ransomware infection

  1. Open the Windows Explorer (tap Win+E).
  2. Open and check all these directories one by one: %TEMP%, %USERPROFILE%\Desktop, and %USERPROFILE%\Downloads.
  3. Delete suspicious files from these places.
  4. Remove READ_IT.txt from Desktop.
  5. Empty the Trash bin.

Fix Task Manager

  1. Press Win+R.
  2. Type gpedit.msc in the field and click OK.
  3. Open User Configuration.
  4. Click Administrative Templates.
  5. Select System.
  6. Open Ctrl+Alt+Del Options.
  7. Double-click on Remove Task Manager.
  8. Choose Disabled or Not Configured.
  9. Click Apply and click OK.
  10. Restart your computer. 100% FREE spyware scan and
    tested removal of $ucyLocker Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *