Threat of the month: Ukash ransomware

What is it?
What makes this threat unique is the effective use of localization and the impersonation of a law enforcement body. It hijacks the computer and holds it hostage for payment.

How does it work?
The malware is a PE file distributed via email or downloaded by other malware. It replaces the Explorer.exe file on the system and blocks GUI access to the file system and taskbar. A graphic is presented claiming the computer has been used to commit an act of terrorism. A demand for payment is levied in the form of a fine.

Should I be worried?
This attack vector is working throughout Europe. The bug removes the original Explorer.exe file, but doesn't target data. Recovery is possible by restoring the original Explorer.exe file via the command line and deleting the malware executable.
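
One way to check from the command line whether Explorer.exe is still the genuine Microsoft file, before and after recovery. This is an added example, not part of the original article; the function name `Test-ExplorerIntegrity` is hypothetical, and it assumes Windows 10 or later with Windows PowerShell 5.1.

```powershell
# Added example (not from the article): verify that the Windows shell binary
# is still the genuine Microsoft file.
# Assumption: Windows 10 or later with Windows PowerShell 5.1, where
# Get-AuthenticodeSignature also validates catalog-signed system files.
function Test-ExplorerIntegrity {
    param(
        # Default is the live system; pass a path on a mounted offline disk instead.
        [string]$Path = (Join-Path $env:windir 'explorer.exe')
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Verdict = 'MISSING'; Problems = 'file not found'; SHA256 = $null
        }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $problems = @()
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status: $($sig.Status)"
    }
    if (-not $sig.IsOSBinary) {
        $problems += 'not recognised as an operating system binary'
    }
    $signer = $sig.SignerCertificate
    if ($signer -and $signer.Subject -notmatch 'O=Microsoft Corporation') {
        $problems += "unexpected signer: $($signer.Subject)"
    }

    [pscustomobject]@{
        Path     = $Path
        Verdict  = if ($problems.Count -eq 0) { 'OK' } else { 'SUSPECT' }
        Problems = $problems -join '; '
        SHA256   = $hash   # compare with a known-good copy from the same Windows build
    }
}

Test-ExplorerIntegrity | Format-List
```

A `SUSPECT` or `MISSING` verdict means the file should be restored from a trusted source and checked again.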

How can I prevent it?
Awareness goes a long way. Plus, performing regular backups will limit the impact if data is targeted.