A new ransomware-type computer infection called Unikey Ransomware has been unleashed upon the Internet, and it threatens to encrypt the files of anyone unfortunate enough to get it. Its creators demand that you pay a ransom for a decryption key to recover them, but you should not trust them because they might not give it to you once you have paid. Therefore, we believe that it is better to remove it altogether and recover as many of the encrypted files as possible from external drives. In this article, we discuss how this program is distributed, how it works, and how you can get rid of it.
Unikey Ransomware belongs to the Hidden-Tear ransomware family. Therefore, it has similarities with MoWare H.F.D Ransomware, Executioner Ransomware, Decryption Assistant Ransomware, and several others. In fact, the Hidden-Tear ransomware family is probably the largest family of ransomware currently out there. Hidden-Tear variants are highly malicious, but they are often released as test versions that are not fully completed and often do not work properly.
We think that Unikey Ransomware is most likely distributed in the same way most of its predecessors were. Its developers probably employ email spam sent to random users to infect their computers. The ransomware file is included in the email as an attachment, and it can be disguised as a PDF document via a double extension. However, it is in fact an executable file that, once opened, will infect your PC with this ransomware. Once on your PC, this ransomware is bound to start doing its dirty work.
We believe Unikey Ransomware uses an AES encryption algorithm to encrypt your files. The ransomware generates a unique public encryption key and then a private decryption key that is sent to this ransomware’s server and stored. This ransomware is bound to encrypt many file formats, particularly those that are likely to contain valuable information. Hence, many of your documents, pictures, videos, audio files, and file archives can be encrypted. The ransomware appends a ".locked" file extension to the encrypted files, so an encrypted JPG file will look like File.jpg.locked. The good news is that Unikey Ransomware is again one of those semi-functional programs that was released for testing purposes. Our analysis has shown that it was set to encrypt files in %USERPROFILE%\Desktop, which means that it encrypts files located on the desktop only.
Once the encryption is complete, Unikey Ransomware drops a ransom note called "READ_IT.txt" on the desktop. The note says "Files has been encrypted with hidden tear." The note also states that you need to send some Bitcoins, but there is no Bitcoin wallet address or instructions on how to do that. The sum to be paid is also not specified. The insufficient ransom note leads us to believe that this is only a test version, so the complete ransom note has not been written yet.
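The indicators described above (the "READ_IT.txt" note, the ".locked" extension, and the double-extension attachment) can be checked for with a short triage script. This is an added example, not code from the original article; the function names, the decoy and executable extension sets, and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

NOTE_NAME = "read_it.txt"      # ransom note name from the article, lower-cased
NOTE_MARKER = "hidden tear"    # phrase quoted from the note
LOCKED_EXT = ".locked"         # extension appended to encrypted files
# Assumed extension sets for the double-extension check (not from the article).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def triage(folder):
    """Inventory the indicators the article describes under `folder`."""
    report = {"note": False, "locked": [], "to_restore": [], "double_ext": []}
    for path in sorted(Path(folder).rglob("*")):
        if not path.is_file():
            continue
        suffixes = [s.lower() for s in path.suffixes]
        if path.name.lower() == NOTE_NAME:
            text = path.read_text(errors="replace").lower()
            report["note"] = report["note"] or NOTE_MARKER in text
        elif suffixes and suffixes[-1] == LOCKED_EXT:
            report["locked"].append(path.name)
            # Original name, for matching against copies on a backup drive.
            report["to_restore"].append(path.name[: -len(LOCKED_EXT)])
        elif (len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS
              and suffixes[-2] in DECOY_EXTS):
            report["double_ext"].append(path.name)
    return report


def build_sample():
    """Create a constructed sample folder (harmless placeholder files only)."""
    root = Path(tempfile.mkdtemp(prefix="desktop_sample_"))
    (root / "READ_IT.txt").write_text("Files has been encrypted with hidden tear.")
    (root / "File.jpg.locked").write_bytes(b"\x00" * 16)
    (root / "report.docx.locked").write_bytes(b"\x00" * 16)
    (root / "notes.txt").write_text("untouched file")
    (root / "Invoice.pdf.exe").write_bytes(b"placeholder, not a real executable")
    return root


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Pointing `triage` at a user's Desktop folder gives the list of original file names to look for on external drives, and pointing it at a folder of saved mail attachments flags the double-extension files.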
In closing, Unikey Ransomware seems to be a test version that does not let you buy a decryption key but can encrypt many of the files on your desktop. Consequently, if your PC has been infected with it, there is currently no way to get your files back. You ought to remove it manually or get an anti-malware program such as SpyHunter to delete it automatically.