Uyit ransomware is yet another version of the Djvu/STOP ransomware. It adds .uyit to encrypted files, hence why it’s dubbed Uyit ransomware. The different ransomware versions from this family can be identified precisely by the extension that they add to encrypted files. The ransomware encrypts all personal files, adds .uyit to them, and asks $980 for a decryptor in order to decrypt them. Paying the ransom to cybercriminals is not recommended because it does not ensure that a decryptor will be sent.


Uyit ransomware note


Files will be immediately encrypted once the ransomware is initiated. It will display a fake Windows update window the entire time files are being encrypted in order to prevent victims from realizing what’s going on. The ransomware will encrypt documents, photos, and videos. The encrypted files will have the .uyit extension added to them. For example, when encrypted, image.jpg would become image.jpg.uyit.

Uyit ransomware file

All folders that have encrypted data will have a _readme.txt ransom note. The note is quite generic but it does provide information on how to get the decryptor required for file recovery. The decryptor costs $980, but the note also explains that victims who contact the cybercriminals within the first 72 hours will receive a 50% discount. It’s impossible to know whether that is true or not without paying the ransom. But you should be aware of the risks if you are thinking about paying the ransom. The most crucial point to stress is that, even if you pay the ransom, there are no guarantees that a decryptor will actually be sent to you.

If you have a backup of your files, you can start file recovery after you fully delete Uyit ransomware from your computer. It is strongly recommended to use a trustworthy anti-virus tool for this to prevent further damage to your computer. Once the ransomware has been completely eliminated, you can safely connect to your backup.

Unfortunately, only users who have backups can currently recover files for free. If you haven’t backed up your files, your only choice is to wait until a free Uyit ransomware decryptor is released. However, it’s unclear when or even if that will happen. Each user has a unique key since the Uyit ransomware encrypts files using online keys. A free Uyit ransomware decryptor probably won’t be developed until the keys are made public by cyber criminals. You can try using the free Djvu/STOP decryptor produced by Emsisoft, but even if it’s worth a try, it’s unlikely that it will work on your files unless they have been encrypted with a key Emsisoft has.

Ransomware distribution methods

Malware can enter your computer in a variety of ways. It typically happens as a result of bad online habits. We strongly advise taking the time to develop better browsing habits because you are much more likely to infect your computer with malware if you open unsolicited email attachments or click on random links.

You have an increased chance of picking up malware if you use torrents to pirate copyrighted content (or if you pirate in general). Many torrent sites are full of malicious torrents because they are usually poorly moderated. You will end up with malware if you do not know how to spot a malicious torrent. Torrents for content related to entertainment are especially prone to malware. Specifically torrents for TV shows, movies, and video games.

Additionally, emails are regularly used to spread malware. When users open malicious attachments, they essentially initiate the infection. You should be able to identify malicious emails if you know what to look for because they are typically pretty obvious. The most glaring red flag in emails supposedly sent by legitimate businesses is grammar and spelling mistakes. Malicious actors generally do not speak good English, so their emails frequently have obvious spelling and grammar mistakes. Companies will try to prevent such mistakes as much as possible, especially in emails that are generated automatically.

Another thing to watch out for is how an email addresses users. If an email appears to be from a company whose services you use yet it addresses you as a “User”, “Customer”, “Member”, etc., it is very likely a malicious email (or at least spam). Companies will always address their customers by name in official correspondence since it makes an email seem more personal.

You should also always carefully verify the email address of a sender. Because malicious emails are regularly sent from email addresses that seem random, that is a dead giveaway. In more sophisticated attempts, the sender’s email address would look more legitimate, which is why you should always research that the sender’s email address actually belongs to whomever the sender claims to be.

Finally, it’s important to remember that malicious emails can occasionally be far more sophisticated. When a person is directly targeted, and cybercriminals have access to their personal data, the malicious email would be quite convincing. They would be error-free, address the target by name, and even include some information that would lend the email greater credibility. It is important to always use VirusTotal or anti-virus software to scan unsolicited email attachments for an infection.

How to delete Uyit ransomware

Always use antivirus software while dealing with ransomware. Do not try to manually remove Uyit ransomware because you run the risk of further damaging your computer. Use a good anti-malware program to delete Uyit ransomware fully. Once the ransomware has been completely removed, you can access your backup to start the file recovery process.

If you don’t have a backup and don’t want to pay the ransom, your only choice is to wait for a free Uyit ransomware decryptor to become available. But as we’ve already noted, it’s unclear whether or when it will be released. Also keep in mind that if you can’t find the decryptor on a legitimate website like NoMoreRansom, you won’t find it on a random forum.

Uyit ransomware is detected as:

  • Win32:BotX-gen [Trj] by AVG/Avast
  • Trojan.GenericKD.63963969 (B) by Emsisoft
  • A Variant Of Win32/Kryptik.HRTQ by ESET
  • HEUR:Trojan.Win32.Packed.gen by Kaspersky
  • Trojan:Win32/Redine.LSF!MTB by Microsoft
  • Ransom.Win32.STOP.SMYXCKY by TrendMicro
  • Trojan.GenericKD.63963969 by BitDefender
  • Trojan.MalPack.GS by Malwarebytes

Uyit ransomware detections

Quick Menu

Step 1. Delete Uyit ransomware using Safe Mode with Networking.

Remove Uyit ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Uyit ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Uyit ransomware
Remove Uyit ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Uyit ransomware

Step 2. Restore Your Files using System Restore

Delete Uyit ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Uyit ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Uyit ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Uyit ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Uyit ransomware removal - restore message
Delete Uyit ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Uyit ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Uyit ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Uyit ransomware - restore init
  8. Choose the restore point prior to the infection. Uyit ransomware - restore point
  9. Click Next and then click Yes to restore your system. Uyit ransomware removal - restore message


More information about SpyWarrior and Uninstall Instructions. Please review SpyWarrior EULA and Privacy Policy. SpyWarrior scanner is free. If it detects a malware, purchase its full version to remove it.

  • WiperSoft Review Details WiperSoft ( is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply