Usam ransomware


Usam ransomware is a cryptovirus that belongs to the STOP / Djvu ransomware family 

Usam ransomware virus

Usam ransomware virus

Usam ransomware – a highly-malicious malware that locks the data on the Windows machine and blackmails victims to extort the money. The criminals behind this file-encrypting virus[1] are infamous hackers that have launched STOP / Djvu ransomware a couple of years back and managed to release 233 new versions of the same virus. 

The Usam virus is the latest Djvu version, which stands 233 on the list. First spotted in the middle of June 2020, the malware is actively distributed via software cracks, keygens, and unprotected RDPs. If the unsuspecting victim launches the ransomware payload, the virus immediately encrypts most of the non-personal files (music, videos, photos, documents, etc.) with the .usam extension, thus completely restricting the user’s access to them.

Unfortunately, .usam files cannot be decrypted for free. Even though there’s an official STOPdecryptor available for anyone, it is fully functional with the old Djvu versions that have been launched before the autumn of 2019. Based on the information provided on the _readme.txt file, the victims of this virus are supposed to transfer $490 in Bitcoins within 72 hours after having a conversation with criminals via [email protected] or [email protected] email.

Name  Usam
Lineage  STOP / Djvu
Classification   Ransomware
Extension  .usam files is a distinctive feature of this new Djvu strain
Emails  victims have to contact hackers via [email protected], [email protected] email, or @datarestore telegram account
Encryption/decryption  The virus uses an RSA encryption algorithm that generates unique online IDs that cannot be extracted. Cybersecurity experts keep looking for the flaws that would allow them to crack and leak IDs to help people decrypt .usam files. Note that the only reliable way to retrieve the locked files is to use backups.
Ransom Criminals demand people pay $490 or $980 ransom in Bitcoin cryptocurrency
Effect on the OS The ransomware-type viruses cause harm not only to personal files. This type of threat is programmed to cause multiple system infringements on Windows registries, bootup processes, and others.  Consequently, the system may start crashing, displaying errors, running into BSODs, etc. To prevent this from happening, take advantage of the Reimage Reimage Cleaner Intego repair utility
Elimination Ransomware files cannot be eliminated manually since it’s not possible to understand which of the running files are malicious. This process can be initiated with a robust anti-virus program only

Usam ransomware virus belongs to the Djvu family – this fact tells almost everything about the virus for the users who are interested in cybersecurity. In fact, all the variants that belong to this gang released after August 2019 are identical. Thus, taking a glance at its siblings, such as .kkll.nlah.pezi.covm, .zwer, and many others are more or less the same, except file extensions and (in some cases) email addresses of the criminals differ. 

If the Usam ransomware gets installed on the machine, first of all, it performs various changes on the Windows system with an intention to evade detection, ensure the successful launch of the encryption software, and grand persistence. For that, it may create malicious entries within %AppData%, %User% or %Temp% directories, run the PowerShell commands under administrative privileges to remove Shadow Volume Copies, disable AV program, and can download data-stealing Trojan Azorult as a secondary payload. These changes are not definite, thus dealing with ransomware means many problems with the system’s performance if Usam ransomware removal is not performed immediately. 

The successful Usam ransomware infiltration is followed by a complete lockdown of personal files and the informational note dubbed as _readme.txt presentation on the desktop and other system folders. The note says:

ATTENTION!

Don’t worry, you can return all your files!

All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-WJa63R98Ku
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:

Seeing .usam files on the machine and have no access to personal files is a frustrating experience. However, paying the ransom is highly not recommended as you can unconsciously uncover personal details to criminals or experience another phony if criminals decide not to provide you with a functional Usam ransomware decryptor. 

If you have file backups, there’s no reason for you to worry. Remove Usam virus from the system using updated anti-virus software. Do not try to eliminate malicious entries manually as you can accidentally delete some core Windows entries and, subsequently, trigger more Windows malfunctions. 

Usam ransomware removal is a process that can only be performed with professional security software with an updated virus database. You can attempt to recover your encrypted files only after a full elimination of file-encrypting viruses. Our team has submitted a tutorial on how to decrypt .usam files without paying the ransom (at the end of the article). 

Usam crypto-ransomware
Usam is the name of the file-encrypting ransomware, which is the 233 variant of the STOP/Djvu gang

Usam crypto-ransomware
Usam is the name of the file-encrypting ransomware, which is the 233 variant of the STOP/Djvu gang

Alternative methods to unlock inaccessible .usam files

The main trait allowing to stand the Usam ransomware virus from the crowd is its distinctive file extension. Thus, if you have noticed that the icons of your files became all the same (plain white icon) with a unified .usam extension appendix, there’s no doubt that the file-encrypting Djvu family member has hacked your machine. 

Unfortunately, .usam file decryption is not possible without paying the ransom or using original file backups. If you have no backups or money to pay the criminals, there are very few changes that important work, documents, or family photos will be recovered. 

As we have pointed out, one of the ways to decrypt Djvu files, including .usam encrypted files is to use a free Emsisoft’s decryption software. However, don’t give a lot of traction to this software as it can only unlock files for the versions using offline IDs. If you don’t want to be dejected by the unsuccessful decryption process, you can check whether your files have been encrypted using offline or online IDs by opening C: drive and accessing SystemID.txt. This directory contains all encrypted data. If you see some entries with the names ending with “t1,” then the free Emsisoft’s decryptor might work. 

Otherwise, the .usam file virus can be eliminated using third-party data recovery tools like Data Recovery Pro, Shadow Volume Copies or System Restore feature. You can find a full guide for the decryption methods at the end of this article. 

IMPORTANT: criminals have launched a fake DJVU decryptor which may be found on various discussion forums, torrenting sites, or other sites. This decryptor not only fails to unlock files. In fact, it’s another ransomware that drops a malicious crab.exe file, which downloads new Zorab ransomware[2] and encrypts already encrypted files with .ZRB file extension. 

The most common ransomware distribution methods listed 

Hackers are using sophisticated methods to trick people into downloading malicious ransomware viruses. That’s a commonly known fact. However, millions of less tech-savvy people are still paying no attention to the websites they land on, to the content they download, to the ads they click, to the updates they download, and so on. 

Therefore, we keep trying to increase people’s consciousness and grow their perception of cybersecurity by publishing the news on how hackers spread their newborn viruses or what new means have been invented to distribute good-old cyber infections. The team of cybersecurity experts from Dieviren.de[3] has provided us with a list of most widely used Djvu ransomware distribution techniques, which is the following:

  • Djvu ransomware family is most frequently distributed via cracks, keygens, loaders, and similar tools. If you are about to download a software crack to hack the license of Windows, Adobe Acrobat, Adobe Photoshop, game keygens, etc. 
  • Fake software updates. If the machine is infected by a rather aggressive adware-type malware, web browsers can redirect to sites infected with malicious scripts or display infected ads that once clicked download ransomware payload. 
  • Malicious spam email attachments. People can receive catchy email messages that contain ZIP, PDF, Microsoft Word attachments that ask people to enable  Macros to view the content. DO NOT enable the supposed macros to open questionable attachments sent by unreliable senders. That’s a scheme used by hackers to spread ransomware, trojans, spyware, and other cyber threats. 

To protect yourself from ransomware attacks, you should rely on a reputable AV security suite, which has in-built real-time protection, email filter, and other additional features. 

Usam virus detection
Usam virus files can be detected by some AV tool while others do not recognize them as malicious

Usam virus detection
Usam virus files can be detected by some AV tool while others do not recognize them as malicious

Usam ransomware removal options: no manual removal possibilities

There is no option to remove Usam ransomware virus manually. Victims should understand that the virus initiates too many changes on the system and runs too many malicious processes to be detected and eliminated without the help of professionals.

Although you can find some malicious entries as they may suck up CPU resources or display errors, there are very few chances that you will be allowed to disable any of them manually. Usam virus grants itself administrative privileges and, therefore, all related files are run “legally.”

Having this in mind, we strongly recommend you make a cold copy of the .usam files using a USB stick, external hard drive, or cloud and then perform a full Usam removal using an automated anti-virus program. For this purpose, you should use Malwarebytes, SpyHunter 5Combo Cleaner, or another reputable anti-malware suite. 

Upon ransomware elimination, try to recover Windows system to the previous state by restoring Windows registry entries, startup files, and core processes. For that, take advantage of the Reimage Reimage Cleaner Intego recover tool. Finally, you can try to retrieve the locked files using alternative methods listed below.

Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

The government has many issues in regards to tracking users’ data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

This entry was posted on 2020-06-16 at 04:10 and is filed under Ransomware, Viruses.