KnowBe4 gets regular calls from system admins who found us on the internet and are between a rock and a hard place. Their backups failed and they have no way to restore their files. Worse, there is now a ransomware strain called UltraDeCrypter which simply does not deliver the decryption routines after you pay. We have tried this twice, and two out of two times they took the money and ran.
I'm sure that these crooks are incurring the wrath of the other criminal players in the ransomware racket, but in the meantime if you see this screen and have no backups, you are truly hosed. Here is what the ransomware looks like that does NOT post the decryption file once you pay:
The system recognizes your payment but will not release the decryption; instead, victims are told the ransom has been doubled! The criminals behind it have even started a help desk, available on the payment site, to support victims who have issues.
UltraDeCrypter is the newest version of the infamous CryptXXX ransomware, first seen in April, which dropped information stealers on infected machines and even stole Bitcoins. There have been multiple issues with the payment system on both versions. The first two versions even had such major encryption flaws that Kaspersky released a free decryption method. Unfortunately, this new version doesn't have a free decryptor at this time.
If you're infected with UltraDeCrypter or CryptXXX and you have come to the conclusion that you need to pay the ransom, we would strongly advise you to hold off at least until it is known that these payment issues have been resolved.
Ransomware Hostage Rescue Manual
Get the most complete Ransomware Manual, packed with the actionable info you need to prevent infections and to know what to do in case you're hit with the nasty UltraDeCrypter or some other ransomware strain.