CILLA Ransomware Description
Most ransomware threats that get spotted in the wild are copies of already existing data-locking Trojans that are well-established in the world of cybercrime. One of the most recently spotted ransomware threats is called CILLA Ransomware, and it belongs to the Globe Imposter Ransomware family.
Propagation and Encryption
Authors of ransomware threats use various propagation techniques to spread their creations. It is fair to say that the most popular infection vector for file-encrypting Trojans is spam email. Usually, the attackers send spam emails en masse with the goal of infecting as many computers as possible. The spam email often contains a fraudulent message that aims to convince the user to execute the attached file. Authors of ransomware tend to attach a macro-laced document to the fake email. If users fall for the ruse and open the attached document, their systems will be compromised. Other commonly used propagation methods include bogus application downloads, fake pirated software and media, torrent trackers, etc.
As soon as the CILLA Ransomware infiltrates a system, it scans the files present on the computer. Ransomware threats tend to target a very wide variety of file types, as this ensures maximum damage and increases the chances of the victim paying the ransom fee. When the CILLA Ransomware triggers its encryption process, all the targeted files are locked swiftly. The Trojan appends a ‘.CILLA’ extension to the end of the name of every file it encrypts. For example, a file initially named ‘white-beast.mp3’ will be renamed to ‘white-beast.mp3.CILLA’ after the CILLA Ransomware locks it.
The Ransom Note
As soon as the encryption is completed, the CILLA Ransomware places its ransom note on the victim’s desktop, as well as in the folders that contain encrypted data. The attackers’ ransom message is contained in a file named ‘how_to_back_files.html’. The authors of the CILLA Ransomware do not make it clear what the exact ransom fee is. However, the sum will be demanded in Bitcoin. The attackers claim that as long as the victims pay the ransom fee demanded, they will receive the decryption key they need to recover the locked data.
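The two artifacts described above, the appended ‘.CILLA’ extension and the ‘how_to_back_files.html’ note, are enough to scope the damage on a disk or file share. The following is an added example, not part of the original write-up: it walks a directory tree, recovers each locked file's original name by stripping the suffix, and separates folders that hold both artifacts from folders that hold only one. The function names, the case-insensitive matching and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile
from collections import defaultdict

LOCKED_SUFFIX = ".CILLA"               # extension appended to encrypted files (from the page)
NOTE_NAME = "how_to_back_files.html"   # ransom note file name (from the page)


def scan_tree(root):
    """Walk root and return {directory: {"locked": [(current, original)], "note": bool}}."""
    hits = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # assumption: match case-insensitively, as Windows file systems do
            if lower == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lower.endswith(LOCKED_SUFFIX.lower()) and len(name) > len(LOCKED_SUFFIX):
                # The suffix is appended, so stripping it yields the pre-encryption name.
                hits[dirpath]["locked"].append((name, name[:-len(LOCKED_SUFFIX)]))
    return dict(hits)


def summarize(hits):
    """Split directories into confirmed (locked files and note) and partial (one artifact only)."""
    confirmed = sorted(d for d, h in hits.items() if h["locked"] and h["note"])
    partial = sorted(d for d, h in hits.items() if bool(h["locked"]) != h["note"])
    total = sum(len(h["locked"]) for h in hits.values())
    return {"confirmed": confirmed, "partial": partial, "locked_files": total}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the names described above."""
    layout = {
        "Music": ["white-beast.mp3.CILLA", "notes.txt.cilla", NOTE_NAME],
        "Docs": ["report.docx"],      # untouched directory
        "Desktop": [NOTE_NAME],       # note only, no locked files
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

The list of original names it produces can be compared against backups to decide what needs restoring.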
We can assure you that even if you give in and pay the ransom fee that the attackers are demanding, there is absolutely no guarantee that you will receive the decryption key that you need to get your files back. This is why, instead, you should consider investing in a legitimate anti-virus software solution that will aid you in removing the CILLA Ransomware from your PC and make sure you never find yourself in a similar situation again.