Uyari Ransomware

What is Uyari Ransomware?

Uyari Ransomware is a malicious computer infection designed to steal your money. This program mostly affects computer users in Turkey, but it exhibits all the main aspects of a ransomware program, so it should be taken seriously.

One of the most important things about such infections is that they do encrypt your files, and they do ask for a ransom payment. Needless to say, you should never transfer the payment because that would be simply giving the criminals what they want. Instead, you need to remove Uyari Ransomware from the system as soon as possible and then figure out a way to restore your files.

Where does Uyari Ransomware come from?

We should look at this from two perspectives: how the program gets distributed and how it was created. For starters, Uyari Ransomware employs the usual ransomware distribution vector: spam email. There is nothing surprising about it because spam email campaigns are the most common ransomware distribution method. Thus, whenever you receive a message from some unfamiliar sender, you should check twice before opening the attachment. Probably, the last email attachment you have opened was the ransomware’s installer file.

As far as the technical aspects of this infection are concerned, Uyari Ransomware is based on the open-source Hidden Tear ransomware. It seems that this open-source code is a popular way for ransomware creators to spawn new applications left and right. Also, we would like to point out that quite a few programs happen to be up for sale or rent, so sometimes the people who demand that you pay the ransom are not even the original creators of the specific application. The same might apply to Uyari Ransomware, too.

What does Uyari Ransomware do?

This infection uses the AES-256 algorithm to encrypt your files. Although the program does not target all file types, it still affects the most commonly used ones. Our research shows that the file extensions that get encrypted by the ransomware are .txt, .rar, .jpeg, .jpg, .pdf, .sql, .png, .accdb, .zip, .gz, .tar, .tib, .tmp, .frm, .dwg, .pst, .psd, .ai, .svg, .gif, .bak, .db, .xls, .xlsx, .doc, .docx, .ppt, and .pptx. Basically, with this program on board, all of your documents will be rendered inaccessible.

Aside from affecting your files, Uyari Ransomware also performs system modifications by creating a small file in the %USERPROFILE% directory. The file is called “windowsServiceEngine,” and there seems to be no information in the file whatsoever if you try to open it with Notepad. However, our researchers think that this file allows the program to register the new infection as it contacts its command and control center. The importance of the file is proved further by a new registry entry in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run key because the value name is WindowsServiceEngine, and the value data points at the file’s path.

Of course, the main objective of this infection is to push you into paying the ransom fee. The application leaves an .html file on your desktop with the payment instructions in Turkish. Shockingly enough, the program asks you to pay 2 BTC for the decryption key. That is way over the usual ransom threshold because when you convert it into US dollars, you get around $1300 USD. What’s more, even if you do pay the fine, there is no guarantee that the ransomware application would issue the decryption key. This is the issue that users encounter quite often when they get infected with ransomware programs. Even if you are desperate to retrieve your files, you should think twice before giving your money away to these criminals.

How do I remove Uyari Ransomware?

This is a fairly new infection, so there is no decryption tool available as of yet. Nevertheless, that should not discourage you because you can always restore your files from a backup or some cloud storage. Check your inbox. Perhaps you have been saving files on your email’s drive all this time without realizing it. Even if retrieving files proves to be difficult, that should not stop you from removing Uyari Ransomware.

You will find the removal instructions below, and once you are done with that, please scan your computer with a powerful antispyware tool. You have to be absolutely sure that no files or other malicious programs remain on your system. Only then will you be able to breathe a sigh of relief.

Manual Uyari Ransomware Removal

  1. Press Win+R and the Run prompt will open.
  2. Type regedit into the Open box and click OK.
  3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. On the right, right-click the WindowsServiceEngine value.
  5. Select Delete to remove it and exit Registry Editor.
  6. Remove the last executable file you have launched.
  7. Remove the .html file from your desktop.
  8. Launch a full PC scan with SpyHunter.
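
The registry and file checks from the steps above can also be scripted. The following PowerShell is an added example, not part of the original instructions: it reports the Run value and the %USERPROFILE% file named in this article and lists desktop .html files for manual review. The -Remove switch is this script's own parameter, and it deletes only the Run value.

```powershell
# Added example: report the Uyari persistence artifacts named in this article.
# Report-only by default; pass -Remove to delete the Run value (steps 3-5).
param([switch]$Remove)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'WindowsServiceEngine'
$findings  = @()

# 1. Run-key value (-contains is case-insensitive, like registry value names).
$run    = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$target = $null
if ($run -and ($run.PSObject.Properties.Name -contains $valueName)) {
    $target = [string]$run.$valueName
    $findings += [pscustomobject]@{ Artifact = 'Run value'; Detail = "$valueName = $target" }
}

# 2. The file in %USERPROFILE%, plus whatever path the Run value points at.
$marker = Join-Path $env:USERPROFILE 'windowsServiceEngine'
$paths  = @($marker, $target) | Where-Object { $_ } |
          ForEach-Object { $_.Trim('"') } | Sort-Object -Unique
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $file = Get-Item -LiteralPath $p -Force
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Artifact = 'File'
            Detail   = "$p ($($file.Length) bytes, SHA256 $hash)"
        }
    }
}

# 3. The article does not name the ransom note, so list every desktop .html file.
$desktop = [Environment]::GetFolderPath('Desktop')
$notes   = Get-ChildItem -LiteralPath $desktop -Filter *.html -File -ErrorAction SilentlyContinue
foreach ($n in $notes) {
    $findings += [pscustomobject]@{
        Artifact = 'Desktop .html (review manually)'
        Detail   = "$($n.FullName), created $($n.CreationTime)"
    }
}

if (-not $findings) { 'None of the artifacts described in this article were found.'; return }
$findings | Format-Table -AutoSize -Wrap

if ($Remove -and $target) {
    Remove-ItemProperty -Path $runKey -Name $valueName
    "Removed Run value $valueName. Review the listed files before deleting them."
}
```

Recording the SHA256 values before deleting anything gives you something to compare against scanner results afterwards.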