
Uta Ransomware

Posted: October 18, 2019

The Uta Ransomware is a release from the Dharma Ransomware, a family of file-locking Trojans. Although threat actors can distribute these variants in many ways, the Trojans always block their victims' files with encryption and attempt to extort ransoms afterward. Proper attention to one's backups can form the backbone of a free recovery, while anti-malware programs can remove the Uta Ransomware and limit its damage potential.

The Song of a Ransom-Craving Trojan

It should shock no one that Ransomware-as-a-Service is maintaining a steady rate of growth, with new versions of the STOP Ransomware, the Dharma Ransomware and other families arriving regularly. The Uta Ransomware is the latest release from that second family, with early samples identified by an independent security researcher. Like its kin, it uses attacks that can deprive users of their most valuable data.

Despite using the Japanese word for 'song' in its brand, the Uta Ransomware is targeting English users, just like the Group Ransomware, the Nqix Ransomware, the Php Ransomware or the Save Ransomware. It uses AES and RSA encryption as a weapon for blocking files, such as documents, Web pages, archives, databases, spreadsheets, pictures and others. The 'uta' extension it adds to them is one part of the information it inserts into their names; other additions include an ID and an Airmail e-mail address.

Malware researchers also confirm the backup-deleting portion of the Uta Ransomware's payload, as per the norm for the Dharma Ransomware (and others, like the STOP Ransomware and the Scarab Ransomware). It issues CMD commands in a hidden window for wiping out the user's Shadow Volume Copies or the Restore Points. Such attacks can deprive unprepared users of the best recovery option for their files.
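Two of the behaviors described above lend themselves to defensive tooling: recognizing files renamed with the ID, e-mail address and 'uta' extension, and spotting the shadow-copy deletion commands in process-creation telemetry. The following is an added example, not code from the original article or from any analysis of the Trojan; the exact ordering of the renamed-file parts, the field names of the log events and the e-mail address are all assumptions or constructed sample data.

```python
import re
from typing import Optional

# Assumed layout of a renamed file: the article names the parts (an ID, an
# e-mail address, the 'uta' extension); the ordering here is an assumption.
UTA_NAME = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.uta$"
)

# Process-creation patterns for Shadow Volume Copy removal. Matching on the
# full command line catches launches via a hidden cmd.exe window as well.
SHADOW_WIPE_RULES = [
    ("vssadmin-delete-shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("wmic-shadowcopy-delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
]

def parse_uta_name(filename: str) -> Optional[dict]:
    """Return the original name, victim ID and contact address recovered
    from a Dharma-style '.uta' filename, or None if it does not match."""
    m = UTA_NAME.match(filename)
    return m.groupdict() if m else None

def shadow_wipe_alerts(events: list) -> list:
    """Scan process-creation events (dicts with a 'CommandLine' field, an
    assumed schema) and return (rule_name, command_line) per hit."""
    alerts = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        for name, rx in SHADOW_WIPE_RULES:
            if rx.search(cmd):
                alerts.append((name, cmd))
    return alerts

# Constructed sample data: not real telemetry and not a real e-mail address.
SAMPLE_FILES = [
    "budget.xlsx.id-1A2B3C4D.[contact@airmail.example].uta",
    "notes.txt",
]
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c "vssadmin delete shadows /all"'},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows"},  # benign: lists, does not delete
]

if __name__ == "__main__":
    for f in SAMPLE_FILES:
        print(f, "->", parse_uta_name(f))
    for rule, cmd in shadow_wipe_alerts(SAMPLE_EVENTS):
        print("ALERT", rule, cmd)
```

Recovering the original filename from the renamed form is useful for triage inventories even when the content itself cannot be decrypted.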

Silencing the Sound of Extortion by Encryption

Anyone can hire a Ransomware-as-a-Service, and the fees are affordable even for months-long campaigns. Since malware researchers have little tangible evidence of the Uta Ransomware's live circulation, they can only estimate its most likely infection methods. File-locker Trojans typically arrive through threat actors brute-forcing server logins, through indiscriminate torrent-based infections, or through e-mail phishing attacks and spam. Many cases are opportunity-based and involve victims unintentionally inviting them by not maintaining proper Web security practices.

There is a free decryption service that's compatible with some, but not all, members of the Dharma Ransomware family (also known as the Crysis Ransomware). Malware researchers never recommend depending on it, since encryption algorithms and keys are some of the most frequently-updated aspects of a Ransomware-as-a-Service. Saving non-local, secure backups offers a more reliable means of overcoming the Uta Ransomware's attacks than unlocking any files. The Uta Ransomware is singing a familiar tune, but not all of the lyrics are audible yet. The full song should never be heard, since it can only end in the discordant notes of lost money and media.
