Ultimo Ransomware
Posted: September 12, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 13 |
| First Seen: | September 13, 2017 |
|---|---|
| OS(es) Affected: | Windows |
The Ultimo Ransomware is a file-locking Trojan built from the Hidden Tear's source code. The Ultimo Ransomware can make your files, such as documents, illegible by encrypting them, and also creates messages asking you to pay for their recovery. Users should run their anti-malware programs to disinfect their PCs and delete the Ultimo Ransomware before resorting to free decryption solutions from trusted security organizations to unlock any media as necessary.
One Trojan's Imperfect Union
A threat actor with the user profile name of 'Daniel' is designing another version of Hidden Tear with the apparent intent of deploying it against the public. This Trojan, the Ultimo Ransomware, includes a mixture of unique and misappropriated branding, along with a sharp limitation on how long the victim has to respond. The Trojan's attacks encode the media of infected PCs before asking for payments in crypto currency, similarly to most versions of Hidden Tear.
The Ultimo Ransomware disguises itself as a fake Western Union tracking number (or MTCN), which Daniel may be attaching to instant messages or email spam currently. A successful installation lets the Ultimo Ransomware begin encoding media such as documents, pictures, spreadsheets, or archives with an AES-based algorithm. Then, it creates a Notepad file that it places on the user's Windows desktop directly.
The Ultimo Ransomware text instructions give the victim a working ID number, a Bitcoin wallet address for receiving payments, and static extortion values of 0.022 Bitcoins within two days. Both the cheapness of the Ultimo Ransomware's ransom (under one hundred USD in value) and the terseness of its pay timing make it more likely than not that 'Daniel' intends to attack recreational users, rather than workplace environments. The note is in English, although many threat actors default to that language for achieving maximal compatibility for a minimum of work. Malware experts also noticed unusual formatting choices in the Ultimo Ransomware's message such as embedded hyperlinks and a non-standard background coloration.
The Ultimate in Removing the Ultimo Ransomware's Potential for Financing
All file-locking threats, regardless of their origins, can be defended against by users keeping their valuable media in inaccessible, protected locations. For such purposes, malware researchers recommend external storage devices that can be left unattached to all network-accessible systems particularly. For situations without any backups available, victims should consider testing copies of any locked content with Hidden Tear decryptors that can reverse-engineer the Ultimo Ransomware's cipher.
Even in these initial stages of its operations, the Ultimo Ransomware also provides a clear idea of how its author plans to circulate it. Fake invoices, memos, and other content related to financial transactions are often responsible for distributing the file-locking Trojans of many families. Always scan any potentially compromised downloads, such as email attachments so that your anti-malware programs can remove the Ultimo Ransomware before it begins attacking your files.
There are always two sides to blame in a lapse in the safety of your PC: the remote attacker and the user who's taking insufficient security measures. Confirming whether or not a document is what it claims to be before opening it is a step that can prevent the Ultimo Ransomware from turning your negligence into its money.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.