Ultimo Ransomware

We are sure that Ultimo Ransomware has not become a real threat because it has been developed only recently. On top of that, researchers at pcthreat.com suspect that this nasty infection is still in development because it failed to encrypt files and drop a ransom note during analysis. Of course, it does not mean that cyber criminals cannot release its final version soon. If they start actively distributing Ultimo Ransomware, it might slither onto your computer without any difficulties, especially if you do not have a security application installed on it. Without a doubt, it will demand money from you after encrypting your files. Do not pay a cent to cyber criminals because you do not know whether you could unlock your files once you transfer money to them. Also, the ransomware infection will not be deleted from your system. It is not a threat that can start working automatically together with the Windows OS; however, if you double-click on its launcher and thus open it, the ransomware infection will manage to find all new files on your computer. As a consequence, they will all be encrypted as well. Ransomware infections use strong ciphers to lock victims’ files, so you could not unlock them by deleting it Ultimo Ransomware. As you can see, Ultimo Ransomware might cause you serious problems, so if you are reading this article out of curiosity, i.e. you have not encountered it yet, you should be more cautious so that this threat could not find a way to enter your system unnoticed.

Ultimo Ransomware did not encrypt files during research carried out by our specialists, but the chances are high that it will be fixed soon. If you encounter the new version of this threat that encrypts files on users’ PCs, you will also find your personal files locked soon. All these files will be marked with the .locked filename extension. Just like other HiddenTear-based ransomware infections analyzed by our researchers, it targets the most valuable files as well. For example, it will lock your documents, pictures, and many other files. Speaking specifically, it targets .php, .html, .xml, .psd, .mdb, .mp3, .pdf, .zip, .rar, .xls, .docx, .txt, and other files with popular extensions. The updated version of Ultimo Ransomware should also drop a ransom note (READ_IT.txt) on Desktop after encrypting your personal files. It will tell you to send 0.022 Bitcoin (the size of the ransom might change) to the Bitcoin address indicated in the ransom note within 48 hours and then contact cyber criminals: “After the payment, enter the wallet from which paid, and email, in which contact you. blackgold123@protonmail.com.” Paying money to cyber criminals might be the only way to unlock files, but you should not send a cent to them because you have no guarantees that it will be possible to unlock encrypted files after transferring money to them. A free tool to decrypt files might be released in the future, so if you have already found your personal files encrypted, do not rush to delete them. Without a doubt, the ransomware infection must be deleted fully.

The chances are high that Ultimo Ransomware is not even distributed actively yet, specialists say. This is the reason they do not know much about its distribution as well. Without a doubt, they still have a theory. In their opinion, this new ransomware infection should be spread using the same distribution methods as other threats based on the Hidden-Tear engine. In other words, they believe that it should be mainly spread via spam emails. Do not open any attachments from spam emails if you do not want to end up with harmful malicious software. In addition, install security software on your system and make sure it gets the latest updates so that it could recognize and prevent all the newest threats from entering the system.

It is necessary to remove Ultimo Ransomware fully no matter it has locked your files or not. Luckily, it is not one of those sophisticated malicious applications that make modifications on affected systems so that they would not be easily erased. Therefore, you should manage to delete Ultimo Ransomware fully by erasing its launcher, i.e. the malicious file you have opened recently and the ransom note dropped by it on Desktop. Use instructions provided below if you need some help with the Ultimo Ransomware removal. If you find it impossible to get rid of this infection manually, scan your system with an automated malware remover. It will erase all infections from your PC in no time.

Delete Ultimo Ransomware

1. Open Explorer (tap Win+E).
2. Type %USERPROFILE%\Downloads in its URL bar and press Enter to open it.
3. Delete all recently downloaded files.
4. Remove READ_IT.txt dropped on your computer.
5. Empty Trash.
6. Perform a scan with a diagnostic antimalware scanner to check whether all malicious files have been deleted.