UltraCrypter Ransomware - How To Remove?


UltraCrypter ransomware is derived from CryptXXX ransomware. To be more precise, it is the latest version of CryptXXX 3.0 ransomware. UltraCrypter encoder have a number of names: Crypt1 ransomware, Crypt ransomware, UltraDeCrypter, CryptXXX 3.0 (ver. 2), etc. It is similar to Locky, Cerber, zCrypt, Zyklon, BadBlock and other ransomware viruses which target the victim’s data, corrupts it and demand for ransom to retrieve it. Just UltraCrypter ransomware is very laconic in its appearance – it covers your desktop with black with a brief ransom note on top.

About UltraCrypter Ransomware

UltraCrypter cryptomalware uses asymmetric encryption algorithm. Thus, two keys: public (RSA-2048) and private (AES CBC-256) are generated. The private key is stored in the remote servers controlled by the hackers. UltraCrypter ransomware appends .cryp1 extension to the names of the encrypted files. 3 files of ransom note are created: [Victim’s personal ID].txt is dropped in every folder of encrypted files, [Victim’s personal ID].bmp replaces the desktop wallpaper and [Victim’s personal ID].html is loaded every time the browser is launched. The size of the ransom demanded for is 1.2 BTC which equals to 655.95 USD at the current time. But the amount can be doubled if the transfer of the payment is not received within a given time period. The cyber criminals also make an offer to decrypt one of the selected files to prove you that they have the decryption key. The ransom note embeds TOR’s, a dark website purchasing ransomwares, link. Which should be followed to contact the cyber crooks and have the file restored. This file cannot be larger than 512 KB. TOR’s link should also be used to have all your data decrypted. Of course, you have to make the payment at first.

How does UltraCrypter Ransomware Locate on Your Computer?

First and foremost, UltraCrypter ransomware trojan is spread through spam e-mails and their attachments pretending to be official letters from official institutions or companies (e.g. from Tax Inspectorate, etc.). Either the links in the e-mails or their attachments are infected with malicious codes. This crypto-virus is distributed by exploits kits as well, namely, Angler EK and Bedep EK. These hacking tools targets Java and Adobe Flash Player vulnerabilities to inject malware.

How to Decrypt Files Encrypted by UltraCrypter Ransomware?

Alas, there are no decryptions tools available at the moment. Kaspersky has developed working decryptors for the previous versions of this ransomware. At the moment security experts are working hard on this. Yet you can apply data recovery tools such as the products of the same Kaspersky Lab, R-studio or others.

Update: the decrypter is now available at here: link. You can download it for free and successfully decrypt your files.

UltraCrypter file encryptor deletes Shadow Volume Copies. Thus, you will not be able to use Shadow Volume Copy Service. We highly recommend to back up your data in external hard drives or to make use of external storage services (e.g. Cloud Storage, etc.) in the future. To remove this ransomware virus employ reputable malware removal software such as Reimage, SpyHunter, Malwarebytes or StopZilla. Follow the removal guide of UltraCrypter ransomware below.


Manual removal


Important Note: Although it is possible to manually remove UltraCrypter ransomware, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on 2-viruses.com.

External decryptor:

About the author

 - Main Editor
I have started 2-viruses.com in 2007 after wanting to be more or less independent from single security program maker. Since then, we kept working on this site to make internet better and safer place to use.
May 31, 2016 08:45, March 14, 2017 06:54

3 thoughts on “UltraCrypter ransomware

  1. I’ve used SpyHunter to remove this ransomware. But don’t think I’ll wait for the new Kaspersky decryptor to be released. Have Kaspersky recovery tools already proven to be helpful here?

  2. Hello. My files have been encrypted by Ultracrypter ransomware. I found out that there is a new TrendMicro application to recover my files, but it not working properly yet. is it better not to waste time with TrendMicro and use the tools you mention in your article?

  3. Try if it works. As long as there is working unencrypter there is no need to restore from backups/or deleted files.

Leave a Reply

Your email address will not be published. Required fields are marked *