
CyberDrill Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: September 26, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The CyberDrill Ransomware is an encryption ransomware Trojan that has been active since February 7, 2017. The CyberDrill Ransomware was clearly not a finished threat when it was first observed in February; only in September 2017 did PC security analysts start to observe attacks involving a finished version. The CyberDrill Ransomware is distributed by taking advantage of poorly protected Remote Desktop Protocol (RDP) connections. It is one of the many variants of HiddenTear, an open source encryption ransomware engine that has been responsible for countless variants since it was first made available in 2015.

How the CyberDrill Ransomware Attacks a Computer

The purpose of the CyberDrill Ransomware is to encrypt the victims' files, and its attacks target small and medium businesses specifically. The CyberDrill Ransomware uses AES encryption to make the victim's files inaccessible and marks each encrypted file by adding the file extension '.locked' to its name. It targets user-generated files while leaving intact the files necessary for the Windows operating system to work. Some examples of the file types that are targeted in the CyberDrill Ransomware attack include:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The CyberDrill Ransomware’s Ransom Demands

The CyberDrill Ransomware delivers a ransom note in the form of a text file named 'READ_IT.txt,' as well as a program window that is named 'Cyberdrill_2 Ransomware' after encrypting the victim's files. The full message that is included in the CyberDrill Ransomware's ransom notes reads:

'Ooops, your files have been encrypted
Files have been encrypted with Cyberdrill_2 Ransomware and many Users will not be able to access sites host...
This is not a joke, Check sites now.
Sites will be DDoS-ed starting in 48 hours if you don't pay only5 Bitcoins @ [RANDOM CHARACTERS]
If you don't pay in next 24 hours, attack will start, yor service going down permanently.
price to stop increase to 1 BTC and will go up 1 BTC for every day of attack.
POur attacks are extremely powerful. o cheap protection will help.
Bitcoin is anonymous, nobody will ever know you cooperated'

The CyberDrill Ransomware's ransom amount, close to 20,000 USD, is exceptionally high. This is another reason why computer users must refrain from paying the CyberDrill Ransomware ransom. In its ransom note, the CyberDrill Ransomware claims that the victim's websites will be subjected to DDoS attacks if the payment is not made within 48 hours. PC security researchers have not determined whether this is true, but advise computer users to take precautions.
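
The on-disk markers described above (the appended '.locked' extension and the 'READ_IT.txt' note) can be turned into a quick triage check over a file inventory. This is an added example, not code from the original page; the `triage` function, its scoring labels, and the sample paths are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the description above.
LOCKED_SUFFIX = ".locked"
NOTE_NAME = "read_it.txt"  # compared case-insensitively
# A subset of the targeted extensions listed on this page.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
            ".sql", ".sqlite", ".mdb", ".zip", ".txt", ".csv", ".psd"}

# Constructed sample inventory (not real incident data).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.locked",
    r"C:\Users\alice\Documents\contract.docx.locked",
    r"C:\Users\alice\Desktop\READ_IT.txt",
    r"C:\Users\alice\Desktop\photo.jpg.locked",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Tools\db\app.locked",          # lock file, no original extension
    r"C:\Projects\notes\read_it.txt",   # note name only, nothing encrypted
]


def triage(paths):
    """Return {directory: {"locked": [names], "note": bool, "score": str}}."""
    dirs = defaultdict(lambda: {"locked": [], "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()
        entry = dirs[str(p.parent)]
        if name == NOTE_NAME:
            entry["note"] = True
        elif name.endswith(LOCKED_SUFFIX):
            # '.locked' is appended, so the original extension sits under it.
            inner = PureWindowsPath(name[:-len(LOCKED_SUFFIX)]).suffix
            if inner in TARGETED:
                entry["locked"].append(p.name)
    report = {}
    for directory, e in dirs.items():
        if e["locked"] and e["note"]:
            score = "high"      # both markers in the same directory
        elif e["locked"]:
            score = "medium"    # renamed user files, no note here
        elif e["note"]:
            score = "low"       # note name alone is weak evidence
        else:
            continue
        report[directory] = {**e, "score": score}
    return report


if __name__ == "__main__":
    for directory, info in sorted(triage(SAMPLE).items()):
        print(info["score"], directory, len(info["locked"]), info["note"])
```

A hit is a lead for investigation rather than attribution, since other software can use the same file names.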

How You can Protect Your Data from the CyberDrill Ransomware

The best protection against ransomware Trojans like the CyberDrill Ransomware is to have backup copies of your files. Having file backups on external memory devices is the best protection against most encryption ransomware Trojans. Having the ability to restore your files from a backup means that the people responsible for the CyberDrill Ransomware attack lose any leverage that allows them to demand a ransom payment. File backups, combined with the use of a reliable security program that is fully up-to-date, can help protect most PCs against threats like the CyberDrill Ransomware.
