Uta Ransomware

Uta Ransomware is nothing we haven’t seen before. This infection is a clone of many other threats that we have analyzed and reported to our readers, and that is because a source code is available to anyone, and that means that anyone can build their own version. Although most Dharma/Crysis Ransomware infections work and even look the same, we need to inspect every single one of them individually. Our research team has tested the threat we are discussing in this report, and so we can provide you with useful information. We even show you how to delete this threat manually. If you are not sure if you need to remove Uta Ransomware from your operating system or if that is the threat that you are dealing with, we suggest that you read this report and also employ a trusted malware scanner that will be able to examine your system and quickly identify the threat that requires your attention.

Just like Save Ransomware, MGS Ransomware, Wal Ransomware, Zatrov Ransomware, and many other clones from the same family, Uta Ransomware is all about stealthy entrance. In fact, you might not even know how this infection got in. Most frequently, threats like this one employ spam emails and bundled downloaders to trick victims into executing malware themselves, or attackers exploit unpatched security vulnerabilities and drop malware without notice. Obviously, if you can delete Uta Ransomware before files are encrypted, that is what you should do. Unfortunately, most victims realize that something is wrong only once they discover the “.id-{unique ID}.[jacklee@airmail.cc].uta” extension appended to their files. These files are unreadable because malware changes the data within them. Since victims are unlikely to understand what has happened just by looking at an odd extension, a file named “FILES ENCRYPTED.txt” is created on the Desktop. It is safe to open it before removing it.

The message that is represented via the “FILES ENCRYPTED.txt” file informs that data was “locked” and that you need to send a message to jacklee@airmail.cc or jacklee73@mail.ua if you want to unlock them. Should you do it? We do not recommend it because the attackers behind Uta Ransomware would demand money from you, and paying a ransom in return for a decryptor of some sort is too risky. What if the ransom is small and you can handle it? Needless to say, you are free to do whatever you want and take any risks you want, but if you want our advice, we do not recommend paying the ransom. That is because most victims of ransomware end up receiving nothing in return. Furthermore, by sending a message from your email account, you could expose yourself to new scams that could hit you when you least expect it. After all, Uta Ransomware itself could spread with the help of misleading spam emails. You could create a new email account, but even then, you could be tricked into opening corrupted files or links, and so we do not recommend it. If you choose to take a risk, make sure you are extra careful.

There are components of Uta Ransomware that have specific names and locations. Other components have random names, and their locations are unknown. This is what complicates the manual removal of this infection. So, can you delete Uta Ransomware manually? That is up to you and your skills. If you are not skilled enough, you might benefit from employing an anti-malware program that can detect and delete malicious infections automatically. If you use such a program, you will not need to worry about any threat on your operating system. Even better, you will not need to worry about your virtual security because it will be taken care of. Without a doubt, you need your system protected because there are tons of other infections that could try to sneak in and corrupt your files. Speaking of files, while a free decryptor does not exist, perhaps you can replace the corrupted ones with backup copies? Always have backups stored outside the computer because you never know what could target your personal files next.

N.B. If you have questions about the removal of Uta Ransomware – regardless of whether you choose to do it manually or with the assistance of automated tools – you can always add them to the comments below, and our research team will address them.

Uta Ransomware Removal

1. Delete all suspicious files you downloaded recently to delete the {random name}.exe launcher file.
2. Move to the Desktop and Delete the ransom note file named FILES ENCRYPTED.txt.
3. Tap Win+E keys on the keyboard to access Explorer and then enter %APPDATA% into the box at the top.
4. Delete the file named Info.hta that also carries a message from the attackers.
5. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ into the box at the top.
6. Delete the file named Info.hta and a malicious {random name}.exe file.
7. Empty Recycle Bin and then install a malware scanner that you know you can trust.
8. Run the program to perform a full system scan and check for any hidden infections or leftovers.