CloudSword Ransomware

The CloudSword Ransomware is a ransomware Trojan that seems to target both English and Chinese computer users, due to the languages used in the CloudSword Ransomware's ransom note. The CloudSword Ransomware first appeared in January 2017. After infecting a computer, the CloudSword Ransomware displays a ransom note titled 'Warning警告.html,' which accuses the victim of copyright infractions and states that the files were encrypted as punishment. The CloudSword Ransomware demands the payment of a ransom in exchange for the decryption key, a typical tactic used by most encryption ransomware Trojans. Unfortunately, the files encrypted by the CloudSword Ransomware cannot be recovered without the decryption key, making it necessary for computer users to take precautionary steps to limit the damage that may be caused by these attacks.

How the CloudSword Ransomware Attacks a Computer

The CloudSword Ransomware uses a strong encryption method that combines the AES and RSA encryption algorithms to make the affected files completely unrecoverable. If computer users do not have backup copies, that means that a CloudSword Ransomware infection can result in permanent data loss. Because of this, the single most important prevention method to help minimize the damage from ransomware Trojans like the CloudSword Ransomware is to ensure that there are backups of all files. The CloudSword Ransomware targets a wide variety of file types, including the following (note the presence of files associated with video game saves and mods, often not present in other ransomware threats):

.accdb, .arch00, .bson, .d3dbsp, .DayZProfile, .dbfv, .divx, .docx, .epub, .forge, .hkdb, .hplg, .html, .ibank, .java, .jpeg, .layout, .mcgame, .mdbackup, .menu, .mpeg, .mpqge, .mrwref, .pptm, .rofl, .sc2save, .sqlite, .syncdb, .text, .unity3d, .vfs0, .wotreplay, .xlsb, .xlsx, .ztmp.

The CloudSword Ransomware’s Ransom Note and Payment

The CloudSword Ransomware delivers a ransom note that warns the victim that it is necessary to pay the CloudSword Ransomware ransom within five days to avoid permanent loss of the data. In its current state, the CloudSword Ransomware targets Chinese and English speakers, although it is not unlikely that the attack may be adapted to other languages if it proves successful. The following is the full text of the English-language version of the CloudSword Ransomware ransom note:

Warning
Because you violated Digital Millennium Copyright Act, all your important files have been locked
You must pay "+Network.amount+" bitcoin to the address below within five days, otherwise your unlock key will be lost forever
Network.getAddress()
To unlocked your files and find instructions, go to
***dw2dzfkwejxaskxr.onion.to/chk/""
If you are using Tor, go to
If you don't know how to get bitcoins, go to
***renrenbit.com ***coinbase.com
Or email "+Network.email+"
Do not try decrypt yourself or use other tools
Here lists all encrypted files:
REMINDER: You have only FIVE days to make full payment

Dealing with and Protecting Your Computer from the CloudSword Ransomware

The most common method used to distribute threats like the CloudSword Ransomware is the use of corrupted file attachments delivered using spam email messages. Because of this, prevention of the CloudSword Ransomware attacks begins by ensuring that computer users are well-educated on spotting and thwarting these tactics. Computer users should avoid opening any unsolicited email attachments and confirming their content, even if they appear to come from a trusted source (which may have been compromised). Apart from caution, it is essential to have a reliable security program that is fully up-to-date. A reliable anti-malware application can detect the CloudSword Ransomware before it is installed, stop the macros used to install this threat on the victim's computer or intercept the CloudSword Ransomware's encryption routines.

However, apart from security software and caution when handling emails, the best precautions against the CloudSword Ransomware and other ransomware is having backups of all files. If computer users can recover the affected files from a backup copy, then they no longer have any reason to acquiesce to the CloudSword Ransomware's ransom demand. This makes attacks like the CloudSword Ransomware completely ineffective (and once backups become standard, it will diminish the extent of ransomware attacks greatly).

SpyHunter Detects & Remove CloudSword Ransomware