Threat Database Ransomware Cephalo Ransomware

Cephalo Ransomware

By GoldSparrow in Ransomware

The Cephalo Ransomware is a recently uncovered file-encrypting Trojan that has been circulating the Web. Malware experts that have studied it suspect that the Cephalo Ransomware may be a variant of the infamous HiddenTear Ransomware.

It is not yet known with full certainty what is the propagation method used in spreading the Cephalo Ransomware. However, experts suspect that the infection vectors employed in propagating the Cephalo Ransomware e may be mass spam email campaigns, faux application updates, and infected pirated software. If the Cephalo Ransomware infiltrates a system successfully, it will begin its attack by performing a scan. The goal is to determine what are the locations of the files which the Cephalo Ransomware has been programmed to target. Once this is done, the Cephalo Ransomware will begin encrypting the files targeted. Upon encryption, the files will receive an additional extension – ‘.ceph.’ For example, if prior to the attack you had a file called ‘ginger-cat.jpg’ after the file gets locked it will be renamed to ‘ginger-cat.jpg.ceph.’ Then, the Cephalo Ransomware will proceed to drop a ransom note by the name ‘_READ_ME_.txt.’ Cybercriminals often tend to name their ransom notes using all caps to increase the chances of the victim to spot their note and read their message. Weirdly enough, in the note, the attackers claim that their campaign is targeting pedophiles worldwide and threaten to ‘expose’ the victim unless they are paid to keep their mouths shut. They give a 72-hour deadline. The sum required is $125 in the shape of BTC. The attackers provide the address of their Bitcoin wallet.

You should avoid paying cybercriminals at all costs. It is likely they will not provide on their promises, and you will be left empty-handed. A safer approach is to make sure you obtain a legitimate antivirus suite which will remove the Cephalo Ransomware of your system.


Most Viewed