Uta Ransomware

What is Uta Ransomware?

It is crucial to have files backed up outside their original location. Uta Ransomware proves that. This malicious infection encrypts files, and if it does that successfully, the attackers behind it are free to make any demands. Those who have backups can easily replace the corrupted files once they remove the infection. However, if backups do not exist, the victims might be more willing to do whatever the attackers want them to do. Most likely, that would entail paying money in order to obtain decryption software or tools. Even though that is what the attackers might have promised you already, you want to be very cautious about what you do. Unfortunately, you are unlikely to get the decryptor if you follow the instructions of cybercriminals behind the ransomware. Therefore, we want to focus on deleting Uta Ransomware. Hopefully, you have backups that can replace the encrypted files, and so you do not need to worry about what could happen to your documents, photos, videos, and other personal files.

How does Uta Ransomware work?

Uta Ransomware was created using the Crysis Ransomware (also known as Dharma Ransomware) code. It has been used to build Save Ransomware, MGS Ransomware, Masodas Ransomware, and hundreds of other infections alike as well. That being said, the attackers might be different, and that is why the distribution of this malware might be quite unpredictable also. Nonetheless, you are much likelier to evade this malware if you delete suspicious spam emails, ignore strange pop-ups, update applications and the operating system, stay away from unreliable downloaders, and disable remote access. If Uta Ransomware slithers in, you might not even notice when the files are encrypted. After encryption, all corrupted files should have the “.id-{ID code}.[jacklee@airmail.cc].uta” extension added to their names. Can you remove this extension? Yes, you can. Would that restore your files? No, it would not. The extension is just a marker, and it is meant to help you see which were hijacked without you having to try to open them. The one file you should have no trouble opening is the “FILES ENCRYPTED.txt” file on the Desktop.

The text file created on the Desktop states this: “all your data has been locked us You want to return? write email jacklee@airmail.cc or jacklee73@mail.ua.” Clearly, it looks as if the attacker wrote this message in a rush or without a care. Ultimately, the message is clear: the attacker wants you to contact them. If you have done this already, it is likely that you have been instructed to pay a ransom that, allegedly, would help you obtain a decryptor. First of all, you must be very careful about what might be sent to your inbox because once cybercriminals confirm an active email account, they can continue flooding it with phishing emails. Second, you need to think long and hard if you decide that paying the ransom requested by Uta Ransomware is a good idea. Yes, at the time of research, it was not possible to restore files manually or using legitimate tools, but that does not mean that the decryptor offered by the attackers is your only hope. Unfortunately, you are unlikely to obtain this tool regardless of your actions. For your own sake, we hope that you have backups. If they are stored on a cloud storage platform or an external drive, remove Uta Ransomware first because you do not want your backups affected.

How to delete Uta Ransomware

We have created a guide to help you remove Uta Ransomware manually, but, unfortunately, we cannot help you identify the most important component of this threat – the launcher file. It could be anywhere, and so if you cannot find it yourself, it might be a good idea to install an anti-malware program. If it is legitimate and trustworthy, it will find and delete Uta Ransomware in no time. If other infections exist – and note that, in some cases, ransomware is executed by Trojans and malware downloaders – they will be eliminated also. To keep your operating system guarded against new infections, you want to keep the chosen anti-malware program installed and up-to-date because it will ensure that your system is protected 24/7. Of course, do not forget that your own action could lead to the infiltration of malware, and so you MUST be careful too.

Removal Guide

1. If you can identify the launcher of the infection, right-click and Delete it.
2. Simultaneously tap Win and E keys on the keyboard to access Explorer.
3. Type %APPDATA% into the field at the top and then tap the Enter key.
4. If you can find the file named Info.hta, you should right-click and Delete it.
5. Move to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\.
6. Right-click and Delete the file named Info.hta.
7. Also, right-click and Delete a malicious .exe file with a ransom name.
8. Go to the Desktop and then right-click and Delete the file named FILES ENCRYPTED.txt.
9. Empty Recycle Bin and then run a full system scan to look for malware leftovers. Download Removal Tool100% FREE spyware scan and
   tested removal of Uta Ransomware*