Uyari Ransomware Removal Guide

If your computer has been hit by Uyari Ransomware, it is most likely that you live in Turkey. This is the first ransomware we have seen that only targets Turkish computer users. Once you initiate this infection, it only takes a few minutes for it and all your major files will be encrypted and inaccessible. In order to be able to use your files again, you are supposed to transfer the relatively high ransom fee these crooks try to extort from you. You may believe that your only chance to see your files again is to pay this fee, but you should not forget that you are dealing with criminals who may not keep their word. Although this is a very new malware threat, it is actually based on a former infection called Hidden Tear Ransomware, which is an open-source project designed for security specialists to study this type of infection. For this reason, there is a chance that a free file recovery tool will hit the web shortly that could save those users who refuse to pay and have no backup copy. In any case, we believe that you should remove Uyari Ransomware immediately because otherwise you will not be able to use your computer properly as this infection will restart with every reboot.

User reports and our research also show that this malware is distributed in spam e-mails. These mails have an attachment that is the malicious executable file itself disguised as an image, video, or text file. You may think that you would never open such a mail, let alone download such a file attachment. But let us tell you that it is still quite possible because these spam mails can be very convincing and deceiving. You may get a mail seemingly from FedEx or other famous delivery services with a subject like “parcel delivery error” or from your Internet provider regarding an allegedly “unsettled payment.” The subject of these spam mails can be anything that could make sure that you would consider it urgent to check the mail as well as the attachment. Although there could be spams that actually trigger the drop of the infection the moment you open them, in this case the activation takes place when you try to open the downloaded file.

Another trick criminals tend to do is the use of exploit kits. We cannot say that Uyari Ransomware uses this method but there are a number of ransomware infections that attack unsuspecting computer users this way; therefore, we believe that it is important to mention this so that you can avoid similar threats in the future. If you do not keep your browsers and drivers (Java, Flash Player, QuickTime) regularly updated, you could infect your machine with serious threats by simply visiting certain malicious websites that use exploit kits through banners and other content that can run JavaScript or other codes to drop infections onto your computer. We hope that it is clear that you should be very careful about opening your mails and also keep all your programs and drivers updated so that cyber criminals cannot easily exploit known security holes and bugs. It should also be clear now that you must delete Uyari Ransomware as soon as you realize it has penetrated your system.

We have discovered that this is not the first malware that is based on the Hidden Tear Ransomware. The previous variants include 8lock8 Ransomware and GhostCrypt Ransomware. This new variant creates a file with an empty name and just an extension called ".windowsServiceEngine" in the %USERPROFILE% directory as well as a Run registry entry with “WindowsServiceEngine” value name. Once activated, this ransomware attacks your documents, pictures, archives, and databases with these extensions: .txt, .rar, .jpeg, .jpg, .pdf, .sql, .png, .accdb, .xls , .xlsx, .doc, .docx, .ppt, .pptx, .zip, .gz, .tar, tib, .tmp, .frm, .dwg, pst, .psd, .ai, .svg,. gif, .bak, and .db. This malware uses the most frequently applied algorithm called AES-256, but unlike most of its peers, this ransomware takes a bit longer to encrypt your files, which can mean anything from 5 to 10 minutes.

Since Uyari Ransomware does not pop up a ransom note after it finishes the encryption, you can only realize its presence from seeing that the kidnapped files will have a “.locked” extension. Do not think for a second, though, that changing the file names back to original will in any way restore them. Unfortunately, without the decryption key you have no chance to recover and use your files; at least, not at the time of writing this article, which could change in the near future as a free tool may appear on the web to help you decipher your files. Another way to notice its presence is to find "DOSYALARINIZA ULAŞMAK İÇİN AÇINIZ.html" on your desktop, which is the Turkish language ransom note.

This file informs you about the encryption and that you are to pay 2 Bitcoins, which is about $1,100, if you want to use your files again. Of course, the usual information is also given about Bitcoins, how to buy them, and how to transfer the money. We believe that this is a rather high fee compared to the usual 100 to 500 US dollar fees. Thus, you should also think about whether your files are worth this much at all. If you only have some old pictures and unimportant documents that are victims of this infection, it may not be worth paying the ransom. To be quite frank, we do not believe that it is a good idea to pay in any case. These criminals may not even keep their promise and you would only flush your money down the toilet. Nevertheless, this is your choice to make. We still suggest that you remove Uyari Ransomware ASAP.

Please use our guide below if you feel up to the task to manually delete this ransomware infection. It is not really complicated so even if you are an inexperienced user, you could accomplish it in a few minutes. It is possible to protect your computer from similar and other malware infections as well, as you may have learnt from our report. However, the best protection you can give to your PC is still an automated anti-malware program. We recommend that you do a deep research to find a reliable security tool, such as SpyHunter, and you will have peace of mind finally in your virtual world.

Remove Uyari Ransomware from Windows

1. Tap Win+E to open File Explorer.
2. Find the downloaded malicious executable file and bin it.
3. Delete the "DOSYALARINIZA ULAŞMAK İÇİN AÇINIZ.html" file from your desktop.
4. Empty the Recycle Bin.
5. Tap Win+Q and type in regedit. Press the Enter key.
6. Locate the Run key ("HKCU\Software\Microsoft\Windows\CurrentVersion\Run") and delete the value name "WindowsServiceEngine"
7. Close the Registry editor and restart your machine.