Uyari Ransomware Removal Guide

Do you know what Uyari Ransomware is?

Uyari Ransomware is a malicious infection that has a rather narrow geographical target. “Uyari” means “warning” in Turkish, and from that, we can already see that this application mainly affects users in Turkey. Nevertheless, it does not mean that it is less dangerous than other ransomware infections. If you encounter this application, you have to remove it from your computer immediately. Please take all the precautionary measures that would help you terminate Uyari Ransomware properly. After all, your computer’s security should be your utmost priority. And a ransomware infection is no joke.

Our research team has tested this program in our internal lab and found that Uyari Ransomware is based on the open-source Hidden Tear ransomware. It is not the first infection that is based on that open-source code. We have already covered EduCrypt Ransomware, which uses the same code, although EduCrypt is a rather lame excuse for a ransomware application because, supposedly, it is there to “teach you a lesson.” Either way, the Turkish version we are dealing with now is a lot more dangerous and serious than the other program based on the same open-source code. Therefore, you have to treat it accordingly, too.

The latest flood of ransomware programs encompasses what is known as crypto ransomware. It means that the programs encrypt user files using powerful algorithms. Uyari Ransomware is no exception. The program makes use of the AES-256 algorithm to encrypt your files. When the encryption is complete, all the affected files have the .locked extension appended. Also, our security researchers point out that although the ransomware comes with the word “CryptoLocker” in the ransom notification, it does not seem to belong to that infection family. Nevertheless, it is still a dangerous threat everyone should be wary of.

In order to avoid getting infected with this ransomware, you should stay away from unfamiliar email messages. This program gets distributed via spam email attachments. Some of the messages may look like the real deal. The spam campaigners are very good at impersonating legitimate financial institutions, as they want unsuspecting users to download and open supposed “invoices,” while in fact, those are the installer files. Once such a file is launched, Uyari Ransomware starts working immediately because it does not create a copy of itself anywhere. The ransom note appears within 5 or 10 minutes after the launch.

You will soon see that Uyari Ransomware targets all the files with these extensions: .txt, .rar, .jpeg, .jpg, .pdf, .sql, .png, .accdb, .xls, .xlsx, .doc, .docx, .ppt, .pptx, .zip, .gz, .tar, .tib, .tmp, .frm, .dwg, .pst, .psd, .ai, .svg, .gif, .bak, .db. To put it simply, almost all of the most commonly used file types will be affected. What’s more, the program will also create a file with the .windowsServiceEngine extension in the %USERPROFILE% directory. Our research team thinks that this file is used by the program to validate the infection.

To tell you more about the ransom, Uyari Ransomware will leave an .html file on your desktop. Opening the file launches your browser, which displays a ransom note in Turkish demanding that you pay 2 BTC (around $1300 USD) for the decryption key. It is not recommended to pay the ransom fee because it is very likely that the program will not issue the decryption key. Also, as the program is fairly new, there is no decryption tool available online at the moment. Nevertheless, you should still remove this infection from your computer ASAP, and then restore your files from a backup.

Ransomware outbreaks are one of the main reasons computer security experts strongly recommend creating a backup of all your files on an external hard drive. If you already have one, please bear in mind that you should not keep it plugged in all the time. Ransomware programs can encrypt all of your mapped drives! That is why it is not just about the security program that you have installed on your PC. It is also about what habits you employ online and offline. Be sure to protect your system in all the ways possible, and if you think you have missed something, leave us a comment just to be sure.

How to Remove Uyari Ransomware

  1. Press Win+R and type regedit. Click OK.
  2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  3. Right-click the WindowsServiceEngine value on the right pane. Delete it.
  4. Remove the last .exe file you have launched.
  5. Delete the .html ransom note from your desktop.
  6. Scan your PC with SpyHunter.
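
The checks behind steps 2 to 5 can also be run from a PowerShell prompt before anything is deleted. The script below is an added example, not part of the original guide: it only reads and reports the indicators named above (the WindowsServiceEngine Run value, the .windowsServiceEngine marker file, .html files on the desktop) and counts .locked files by their original extension so you know what to restore from backup. It assumes the affected account is the one currently logged in.

```powershell
# Added example: read-only triage for the indicators named in this guide.
# Nothing is deleted; review the output, then follow the manual steps above.
$profilePath = $env:USERPROFILE   # assumption: the logged-in user is the affected one
$runKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName   = 'WindowsServiceEngine'

# Steps 2-3: is the autorun value present, and which file does it point to?
$runProps = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($runProps -and ($runProps.PSObject.Properties.Name -contains $valueName)) {
    Write-Output "Run value '$valueName' found -> $($runProps.$valueName)"
} else {
    Write-Output "Run value '$valueName' not present."
}

# Marker file with the .windowsServiceEngine extension in the profile root.
Get-ChildItem -LiteralPath $profilePath -Filter '*.windowsServiceEngine' -File -Force -ErrorAction SilentlyContinue |
    Format-Table FullName, Length, CreationTime -AutoSize

# Step 5: .html files on the desktop, newest first (the guide gives no file name).
$desktop = [Environment]::GetFolderPath('Desktop')
Get-ChildItem -LiteralPath $desktop -Filter '*.html' -File -ErrorAction SilentlyContinue |
    Sort-Object CreationTime -Descending |
    Format-Table FullName, CreationTime -AutoSize

# Inventory of encrypted files: "report.docx.locked" has BaseName "report.docx",
# so the extension of BaseName is the original file type.
$locked = @(Get-ChildItem -LiteralPath $profilePath -Filter '*.locked' -File -Recurse -Force -ErrorAction SilentlyContinue)
$locked |
    Group-Object { [IO.Path]::GetExtension($_.BaseName).ToLower() } |
    Sort-Object Count -Descending |
    Format-Table @{n = 'OriginalExtension'; e = { $_.Name }}, Count -AutoSize

if ($locked.Count -gt 0) {
    # The earliest write time approximates when encryption started.
    $first = ($locked | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    Write-Output "Total .locked files: $($locked.Count); earliest written: $first"
    Write-Output "Restore from a backup taken before that time."
}
```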

In non-techie terms:

It is never a party when you get infected with a malicious program, and Uyari Ransomware is one of the nastier ones. Nevertheless, it is still possible to remove it from your system and protect your computer from similar intruders in the future. Just make sure that you take all the precautions to avoid other ransomware applications, and do not hesitate to invest in a legitimate antispyware tool that would safeguard your system against other potential threats. Do what is best for you and your system.