Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission

Uyari Ransomware

Uyari Ransomware is a fresh danger for Turkish computer user since this malicious program seems to only target Turkey. The name, Uyari, in fact means "Warning" in Turkish. We have found that this beast is based on the well-known open source Hidden Tear Ransomware that was originally created for security studies, but criminals seem to exploit it just like in the case of 8lock8 Ransomware. This infection is a major hit to your computer because it can encrypt your text files, images, archives, and databases. Since this is a very fresh Hidden Tear variant, you may not find free tools on the web to recover your encrypted files yet. Although, it is quite possible that one will soon emerge. So if you do not want to risk losing the rather high ransom fee and still end up with no decryption, we advise you to remove Uyari Ransomware ASAP. Keep in mind that this will not recover your files but this is certainly what you should do if you want to protect your computer from further issues.

Our research indicates that this ransomware is mostly spread as an attachment to spam e-mails. It is possible that you got tricked by these criminals and that is why you opened such a mail and saved its attachment. Your spam filter may filter out most of the spams hitting your mail account but it never means 100% safety. These malicious mails can pretend to come from legitimate companies, parcel delivery services, Internet providers, and so on. So you will not be able to notice at first sight that it is a spam indeed. The subject line will also be something that could relate to you or even if not, you would definitely want to check the mail and its attachment out. For example, an error with a flight reservation, problem with a delivery by FedEx, an issue with a credit card payment, and more. Do you think any of these topics would get your attention? Do you think that you would like to see that attached file (invoice, flight ticket, parcel details) right away? This is what these criminals count on really. And, this is how a lot of users infect their computers with Uyari Ransomware.

It is important for your own sake to make sure that the e-mails you open are indeed meant for you to receive, including the attachment. This infectious attached file could be an image or a text document by the way. The moment you download and run this file is actually the moment you activate this dangerous threat. There is no doubt that you should remove Uyari Ransomware the second you notice its presence.

This ransomware infection seems to take its time since the usual encryption could range from 10 seconds to 2 minutes, but this malware can take from 5 to 10 minutes to finish even though it uses the Windows built-in algorithm called AES-256. This threat targets the following extensions: .txt, .rar, .jpeg, .jpg, .pdf, .sql, .png, .accdb, .xls , .xlsx, .doc, .docx, .ppt, .pptx, .zip, .gz, .tar, tib, .tmp, .frm, .dwg, pst, .psd, .ai, .svg,. gif, .bak, and .db. When a file is encrypted, it gets a “.locked” extension, which is sort of a default extension some ransomware programs tend to use. When you launch the malicious executable file, it creates a small file in %USERPROFILE% folder with the name ".windowsServiceEngine" and a registry entry in the "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" entry with the value name "WindowsServiceEngine." This way, Uyari Ransomware can start up every time you restart your computer.

When the dirty job is done, this ransomware does not lock your screen or replace your desktop background with a scary ransom note image. Instead, it creates an .html file on your desktop called "DOSYALARINIZA ULAŞMAK İÇİN AÇINIZ.html" that you need to open in order to see the instructions. This Turkish ransom note contains a number of appearances of the name "CryptoLocker virüsü" (virus); however, we have found that this infection has nothing to do with that family of ransomware. These criminals demand you to pay a high fee of 2 Bitcoins (approximately 1100 USD at the time of writing) to the provided Bitcoin address if you want these criminals to give you the decryption key to restore your files. Unfortunately, it rarely happens that such criminals actually decrypt the victims’ files. It is also possible that a technical issue comes up, i.e., the connection could be lost between the infection and the remote Command and Control server, which would result in your not getting the decryption key even if you have transferred the money. Therefore, we advise you to think twice before you pay up. Also, consider if your files are worth this much money at all, not to mention the fact that you would support cyber criminals by giving them what they want. Yet another argument against paying the ransom fee is that it is quite possible that there will soon be a decrypter tool released on the web since this beast is based on an open source ransomware. No matter how you decide though, in the end you must delete Uyari Ransomware if you want to use your computer.

If you are a security-minded person, you may regularly save copies of your important files onto a removable drive. If you are lucky enough to have such a backup, you still need to remove Uyari Ransomware first, before you rush to transfer your files back to your hard disk. Since this malware infection does not block your screen or any system files, there is no need for restarting your computer in Safe Mode. You need to get rid of the Run registry entry and the downloaded executable file. This should clean your system of this ransomware. Please use our step-by-step instructions we have included below if you need help with this. If you want decent protection for your PC, you may want to use a reliable malware removal application that will prevent all known malware infections from infiltrating your operating system.

How to remove Uyari Ransomware from Windows

  1. Press Win+R and enter regedit. Click OK.
  2. Delete the value name called "WindowsServiceEngine" from the Run registry entry: "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
  3. Exit the editor.
  4. Press Win+E.
  5. Locate and delete the malicious file you downloaded and launched.
  6. Bin the .html file from the desktop.
  7. Empty your Recycle Bin.
  8. Reboot your computer.
Download Spyware Removal Tool to Remove* Uyari Ransomware
  • Quick & tested solution for Uyari Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.