Ransomware Blocks Internet Access

Published: November 30 2009, 01:09 AM
by Zarestel Ferrer

CA ISBU has come across an interesting piece of ransomware that blocks internet access on an infected system.

                

[Figure 1 – Russian Ransomware GUI]

English translation

Internet access is blocked due to violation of the
license agreement schedules of uFast Download Manager
You must activate your copy

Get a registration code by sending an SMS with the following
code fw0004199 to number 7122

In response you will receive an activation message.

Enter the activation message received from the SMS response  ________


CA detects this ransomware as Win32/RansomHover.A.

This malware was found to be bundled with software named uFast Download Manager. During our investigation, the following activities were observed:

  • Bundled software was installed in the system without informing the user.
  • Using the uninstaller program will not remove the ransomware screen from the desktop or other installed components. 

These activities are considered to be a violation, and the installed component is considered a potentially unwanted program.

              

[Figure 2 – Bundled application "uFast Download Manager"]

CA ISBU created an activation code generator for this particular ransomware.

Note:
It can create activation codes only for ransomware detected by CA as Win32/RansomHover.A.

              

[Figure 3 – Unlocked Desktop]

English Translation

Activation successful! Internet access is now unlocked

 

We recommend that users stay alert to cyber security incidents and keep their CA security products updated to help protect their systems from this kind of malware.

 


 

By: Zarestel Ferrer
Zarestel Ferrer is a Senior Research Engineer with CA's Internet Security Business Unit (CA ISBU) based in Melbourne, Australia. Previous to CA, he worked as a software developer and then moved into security as a Senior Anti-virus Engineer at Trend Micro. He also worked for PC Tools Research as a...

1 person has left a comment:

So why can't the telecom of those regions trace it to the owner of the SMS system/number?

Posted by: jaccob | December 2, 2009 8:43 PM
