CILLA Ransomware Description
Most ransomware threats that get spotted in the wild are copies of already existing data-locking Trojans that are well-established in the world of cybercrime. One of the most recently spotted ransomware threats is called CILLA Ransomware, and it belongs to the Globe Imposter Ransomware family.
Propagation and Encryption
Authors of ransomware threats use various propagation techniques to spread their threatening spawns. It is fair to say that the most popular infection vector when it comes to the distribution of file-encrypting Trojans is spam emails. Usually, the attackers will send spam emails en masse with the goal of infecting as many computers as possible. The spam email would often contain a fraudulent message that aims at convincing the user to execute the attached file. Authors of ransomware tend to attach a macro-laced document to the fake email. If the users fall for their lies and open the attached document, their systems will be compromised. Other commonly used propagation methods include bogus application downloads, fake pirated software and media, torrent trackers, etc. As soon as the CILLA Ransomware infiltrates a system, it will make sure to scan the files present on the computer. Ransomware threats tend to target a very wide variety of file types, as this ensures maximum damage and increases the chances of the victim paying up the ransom fee. When the CILLA Ransomware triggers its encryption process, all the targeted files will be locked swiftly. When a file gets encrypted by the CILLA Ransomware, its extension will be changed because this Trojan adds a ‘.CILLA’ extension to the end of the file name. For example, a file, which was named ‘white-beast.mp3’ initially, will be renamed to ‘white-beast.mp3.CILLA’ after the CILLA Ransomware locks it.
The Ransom Note
As soon as the encryption is completed, the CILLA Ransomware will place its ransom note on the victim’s desktop, as well as in the folders that contain encrypted data. The ransom message of the attackers is contained in a file named ‘how_to_back_files.html.’ The authors of the CILLA Ransomware do not make it clear what the exact ransom fee is. However, the sum will be demanded in the shape of Bitcoin. The attackers claim that as long as the victims pay the ransom fee demanded, they will receive the decryption key they need to recover the locked data.
We can assure you that even if you give in and pay the ransom fee that the attackers are demanding, there is absolutely no guarantee that you will receive the decryption key that you need to get your files back. This is why, instead, you should consider investing in a legitimate anti-virus software solution that will aid you in removing the CILLA Ransomware from your PC and make sure you never find yourself in a similar situation again.
Do You Suspect Your PC May Be Infected with CILLA Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like CILLA Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.