Ultimo Ransomware is yet another new version of the HiddenTear open-source ransomware project. This particular virus currently uses the AES-256 encryption algorithm.
As you might already know, ransomware infections are extremely damaging. Ultimo Ransomware is no exception: this virus will lock your personal files and then ask for a ransom to be paid in order to receive a decryptor and unlock your files.
It is a common trait of HiddenTear ransomware to add the .locked extension to locked files. The FriedEx virus and CrY-TrOwX ransomware also share this trait.
Unfortunately, the Ultimo infection is designed to lock not only your files but your screen as well, so it can also be categorised as a screen locker. After successful installation it displays a full-screen message and locks your desktop this way.
Encrypting all the most popular file extensions
This ransomware infection is very dangerous because it can affect all the most popular file types: your music, photos, videos, text documents and other files stored on your computer.
The first thing Ultimo Ransomware does once it is on your computer is scan the hard drive for files that can be encrypted. After the scan it adds the .locked extension to every single one of them, and you won’t be able to open those files after that. As we have mentioned before, this virus employs the strong AES-256 encryption algorithm, so the files are extremely difficult to decrypt.
We have also mentioned that this virus will lock your screen: after the infection it displays a full-screen message with information about the ransom payment and how to make it. Original message text:
Your files have been blocked
Your files is encrypted (AES 256). YOu need a individual key to unlock your files.
Instructions how to unlock:
1. Create a bitcoin wallet (coinbase, bitpay or any else_
2. Pay 50 usd to this wallet (bank card, transfer)
3. Send 50 usd (if you don;t know how many usd = btc – calculate with this website http://www.coindesk.com/calculator/ – for now 50 usd = 0.02 BTC
4. Okay, now get your wallet address and put in on the left side, below “If you already paid”
5. Click “unlock and remove the program”
6. That’s it.
Warning: If you already paid and you have information “We don’t have your payment yet”, you must waiting… (Usually max. 12h)
The crooks behind the Ultimo virus demand that you create a bitcoin wallet and make the payment in bitcoins. Why? Because cryptocurrencies like bitcoin are very anonymous, so it is much more difficult to track the receiver.
As you can see, the cyber criminals are supposed to provide you with a unique decryption key after you pay a ransom of 50 USD. At the moment that equals around 0.005 BTC, yet they are asking for 0.02 BTC. Since bitcoin is on the rise, you will end up paying even more than 50 USD.
Even if 50 USD (or a little bit more) does not seem like a big deal to you and you are willing to pay this amount just to retrieve your locked files, we do not recommend doing that. There are no guarantees that you will receive a decryptor even after you pay the ransom. Never trust cyber criminals.
Instead, you should use other cyber security methods to clean your computer of viruses and restore your locked files.
How to remove Ultimo virus and protect your computer
You are probably wondering how this dangerous virus managed to get inside your computer. Well, we don’t have a straight answer because there are various possible scenarios. However, the most popular distribution method for trojans and ransomware is spam campaigns, so you should look out for that.
Cyber criminals simply send millions and millions of emails to random addresses with malicious files added as attachments. While most of those emails end up in Spam folders, some users still open them and, what’s even worse, they open the attachments. After that, the malicious files are automatically loaded onto your computer and there is no easy way back.
Unless, that is, you have strong, real-time security software installed on your computer. We strongly recommend that you look at our reviews section and pick an application that will protect your computer from viruses like this.
In case it’s too late and you need to solve the problem of Ultimo Ransomware, the first thing you need to do is get rid of the screen lock and boot your computer in safe mode. We have instructions on how to do that:
After that, scan your computer with a trustworthy anti-malware application, such as Spyhunter. It should detect and remove all files related to the Ultimo virus instantly.
Unfortunately, it won’t unlock your files, and no free decryptor for this particular ransomware is currently available. All you can do is try to restore your files from a backup. If you have a backup copy of your hard disk that was made before the infection, please follow these instructions to do that.
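Before restoring, it helps to know which locked files the backup actually covers. The Python script below is an added example, not part of the original article and not a decryptor: it lists every file carrying the .locked extension described above and checks whether a backup holds the original. The directory layout, status labels and sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".locked"  # extension the article says Ultimo appends


def triage(data_root, backup_root):
    """Map each *.locked file under data_root to a recovery status."""
    data_root, backup_root = Path(data_root), Path(backup_root)
    report = {}
    for dirpath, _dirs, files in os.walk(data_root):
        for name in files:
            # Skip untouched files and a bare ".locked" with no base name.
            if len(name) <= len(LOCKED_SUFFIX) or \
                    not name.lower().endswith(LOCKED_SUFFIX):
                continue
            rel_locked = (Path(dirpath) / name).relative_to(data_root)
            # Original name = locked name minus the appended extension.
            rel_orig = rel_locked.with_name(name[: -len(LOCKED_SUFFIX)])
            if (backup_root / rel_orig).is_file():
                status = "restorable"
            elif (backup_root / rel_locked).is_file():
                # Backup already holds the locked copy: taken too late.
                status = "backup_after_infection"
            else:
                status = "no_backup"
            report[rel_orig.as_posix()] = status
    return report


def demo():
    """Build a constructed sample tree and run the triage on it."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        for rel in ("docs/cv.docx.locked", "pics/a.jpg.locked",
                    "music/song.mp3.locked", "notes.txt"):
            p = data / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
        for rel in ("docs/cv.docx", "pics/a.jpg.locked"):
            p = backup / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
        return triage(data, backup)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:24} {path}")
```

Run the triage with the backup mounted read-only, and only after the malware has been removed, so the backup itself cannot be encrypted.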
In case you have any further questions, feel free to ask us in the comments section below and we will do our best to answer them all.