
CyberSplitter 2.0 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: September 23, 2016
Last Seen: December 16, 2019
OS(es) Affected: Windows

The CyberSplitter 2.0 Ransomware presents itself under the title 'CyberSpLiTTer Vbs Ransomware 2.0' in its ransom notification. The CyberSplitter 2.0 Ransomware is a fully functional encryption Trojan that is delivered to Windows computers through corrupted documents. Spam emails carrying macro-enabled documents are distributed to users via spam bots and compromised email accounts. The 'CyberSpLiTTer' campaign uses images and logos of trusted companies like PayPal and Amazon to increase the chance that users open the dropper. When a user double-clicks a macro-enabled document, the CyberSplitter 2.0 Ransomware may be installed to the Temp directory.

The CyberSplitter 2.0 Ransomware is Based on the Infamous Hidden Tear Project by Utku Sen

Researchers warn that the CyberSplitter 2.0 Ransomware ranks among threats like the Phoenix Ransomware and the Sage Ransomware. What makes the CyberSplitter 2.0 Ransomware a credible threat is that it is based on the Hidden Tear project and combines the AES and RSA ciphers to lock files efficiently. The 'CyberSpLiTTer' Trojan can encrypt data stored on local and removable drives, as long as that data is not protected by measures such as a password or a read/write policy. Additionally, the CyberSplitter 2.0 Ransomware is programmed to delete the Shadow Volume Copies that Windows creates for each drive attached to your PC. Researchers saw the following command string in the CyberSplitter 2.0 Ransomware, which enables the Trojan to delete these copies:

C:\Users\User_name>vssadmin delete shadows /for={volume} /oldest /all /shadow={ID of the Shadow} /quiet
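The shadow-copy deletion above is one of the most reliable detection points for ransomware of this family, because the command line is short and rarely issued by ordinary users. The following is an added example, not code from the page or from any vendor, showing how a defender can parse process-creation records for 'vssadmin delete shadows' and weight the finding by the flags used and by the parent process. The event records are constructed for this example (the shadow GUID is a placeholder), the severity thresholds and the set of Office parent images are assumptions, and the parent-process heuristic reflects the page's point that the dropper is a macro-enabled document.

```python
import ntpath

# Constructed sample process-creation records, shaped like what an EDR or
# Sysmon Event ID 1 feed would supply. These are NOT real telemetry; the
# shadow ID is a placeholder GUID.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent_image": "winword.exe",
     "cmdline": r"C:\Windows\System32\vssadmin.exe delete shadows /for=C: /oldest /all "
                r"/shadow={00000000-0000-0000-0000-000000000000} /quiet"},
    {"pid": 4121, "parent_image": "explorer.exe",
     "cmdline": r"vssadmin list shadows"},
    {"pid": 4122, "parent_image": "cmd.exe",
     "cmdline": r"VSSADMIN.EXE Delete Shadows /All /Quiet"},
    {"pid": 4123, "parent_image": "services.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]

# Assumed set of Office images; a macro dropper spawns its payload from one of these.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def parse_vssadmin(cmdline):
    """Return (verb, noun, flags) for a vssadmin command line, or None when the
    image is not vssadmin. Flags are lower-cased, e.g. {'/all': None, '/for': 'c:'}.
    vssadmin arguments never contain spaces, so whitespace splitting is enough."""
    tokens = cmdline.split()
    if not tokens:
        return None
    image = ntpath.basename(tokens[0]).lower()
    if image not in ("vssadmin", "vssadmin.exe"):
        return None
    verb = tokens[1].lower() if len(tokens) > 1 else ""
    noun = tokens[2].lower() if len(tokens) > 2 else ""
    flags = {}
    for tok in tokens[3:]:
        if tok.startswith("/"):
            name, _, value = tok.partition("=")
            flags[name.lower()] = value.lower() if value else None
    return verb, noun, flags


def assess_event(event):
    """Score one process-creation event. Returns None when it is not a
    shadow-copy deletion, otherwise a finding dict with an assumed severity label."""
    parsed = parse_vssadmin(event["cmdline"])
    if parsed is None:
        return None
    verb, noun, flags = parsed
    if verb != "delete" or noun != "shadows":
        return None  # 'vssadmin list shadows' and similar are routine admin use
    score = 1
    reasons = ["vssadmin delete shadows"]
    if "/all" in flags:
        score += 1
        reasons.append("/all removes every copy on the volume")
    if "/quiet" in flags:
        score += 1
        reasons.append("/quiet suppresses the confirmation prompt")
    parent = event["parent_image"].lower()
    if parent in OFFICE_PARENTS:
        score += 2
        reasons.append("spawned by Office process " + parent)
    severity = "high" if score >= 3 else "medium"  # assumed threshold
    return {"pid": event["pid"], "severity": severity, "score": score,
            "volume": flags.get("/for"), "reasons": reasons}


def scan(events):
    """Run assess_event over a list of records and keep only the findings."""
    return [f for f in map(assess_event, events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed records, the scan flags the Office-spawned deletion (pid 4120) and the quiet, all-copies deletion from cmd.exe (pid 4122) as high, and ignores the 'list shadows' query and the unrelated svchost launch. In production the same logic would sit on a streaming process-creation feed, and the parent-process signal is worth keeping even when the child image is obfuscated, since a document viewer has no legitimate reason to launch vssadmin.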

More than a Hundred File Types are Targeted by the CyberSplitter 2.0 Ransomware

The CyberSplitter 2.0 Ransomware is known to target commonly used data containers for pictures, music, videos, office documents, notes, databases and password vaults. The CyberSplitter 2.0 Ransomware is more than likely to corrupt the data featuring the following file extensions:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The ransom message is provided as an HTML file named 'READ@My,' which affected users can find on their desktops. Once the encryption procedure is complete, the CyberSplitter 2.0 Ransomware loads READ@My.html into the default Internet browser and shows the following notification:

'Your files have been encrypted
Send $1 BTC amount of the account is
decrypted your files
"Cyber SpLiTTer Vbs"
Send to account Bitcoin
[34 random characters]'

Decryption is Impossible without the Private Key, but there are Other Ways to Recover Your Data

Threats such as the CyberSplitter 2.0 Ransomware and the 'Xbotcode@gmail.com' Ransomware incorporate secure encryption mechanisms, and decryption is impossible if you lack the private key. However, ransomware Trojans are virtually ineffective against PC users who know how to defend against these threats. Preemptive measures like installing a backup manager, saving copies of your data to unmapped drives (USB drives and CD/DVDs), and using a credible anti-malware shield can limit the opportunities for the CyberSplitter 2.0 Ransomware to damage your data. You may want to look into what services like Google Drive and Dropbox offer. Cloud storage services can be beneficial to your cyber protection, considering that encryption Trojans can't lock data stored on Google Drive as long as you launch backup procedures manually.
