Cybelium Ransomware

The Cybelium Ransomware is a threatening malware that can cause significant damage to the computers it is deployed on. The threat is designed to target a list of file types and render them unusable via a strong encryption process specifically. Victims will lose access to their documents, archives, databases, etc. During the encryption, the threat also will mark each affected file by appending '.cybel' to its original name. Finally, a ransom note with instructions will be dropped on the system's desktop as a text file named 'RECOVER ENCRYPTED FILES.TXT.'

Ransom Note's Details

According to the threat's message, apart from locking the victim's files, Cybelium also has deleted any backup copies that might have existed on the infected system. In addition, the hackers claim to have obtained a significant amount of private data that they threaten to expose to the public.

To establish contact and receive additional instructions, affected users are directed towards visiting a dedicated website hosted on the TOR network. They also are allowed to send up to 3 locked files for free decryption.

The entire ransom note delivered by Cybelium Ransomware is:

"RECOVER ENCRYPTED FILES.TXT" - is dropped onto the desktop.

-------=== Welcome to Cybelium ===-------

What happened?

Your computers and servers have been encrypted and have the extension: .cybel
Backup copies have been deleted. We use robust encryption algorithms, so you cannot decrypt your data.

But you can restore everything by buying a special program from us -General Decryptor. This program will restore your entire network.
We also download a lot of private data from your network.

If you do not contact us as in 3 days, we will post information about your violation on our public news website and then 10 days after all the downloaded information.

You can get more information on our page, which is located on a hidden Tor network.

How to get to our pageDownload the Tor browser: hxxps://www.torproject.org/

Install the Tor browser

Open link in Tor browser: imugmohnfb6akqz7jb6rqjusiw gnthjgm37mjygondgkwwyw3hwudkqd.onion

Follow the instructions on this page

What are the guarantees?
We value our reputation. If we don't do our job and responsibilities, no one is going to pay us. This is not in our interest.

All of our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems.

We guarantee the decryption of 3 files for free. Access the website and contact us.

We are ready:To provide evidence of stolen data

To provide a decryptor tool for all encrypted files.

To delete all stolen data.
When opening our website, put the following data in the contact form:

Your ID:

ATTENTION!
DO NOT ATTEMPT TO RETRIEVE FILES!
DO NOT MODIFY ENCRYPTED FILES!
OTHERWISE YOU CAN LOSE ALL YOUR FILES FOREVER!'