Cyberone Ransomware
The Cyberone Ransomware is a malware threat designed to lock the data of its victims. Victims will discover that they could no longer access or use any of the impacted documents, archives, databases, images, photos, audio and video files, etc. The goal of the attackers is to extort their victims for money, in exchange for a decryptor tool and key that could potentially restore the affected files to their previous state.
Users or companies affected by the Cyberone Ransomware may not have to pay anything to get their data back. The threat is a variant of another malware known as MafiaWare666. The encryption of this ransomware strain was analyzed by cybersecurity researchers who have managed to create and subsequently release a free decryption tool.
When the Cyberone Ransomware encrypts a file, it also adds '.cyberone' to that file's original name. The threat delivers two ransom notes to the infected devices. The main message will be shown in a pop-up window, while a secondary note will be contained inside a text file named '_RECOVER__FILES.cyberone.txt.' Both ransom notes state that the victims must pay 1 Bitcoin (BTC) as ransom, which is worth over $20,000 at the current exchange rate of the cryptocurrency. However, the notes do not mention the crypto-wallet address to which the money is supposed to be transmitted. This could be a sign that Cyberone is still under development.
The text displayed in the pop-up window is:
'Your files (-) have been encrypted!
In order to recover your data…Please send 1 Bitcoin(s) to the following BTC address:
NEVERSENDMONEY
Next, E-mail your transaction ID to the following
info@cyber-one.io'
The text file contains the following message:
'All of your files have been encrypted.
To unlock them, please send 1 bitcoin(s) to BTC address: NEVERSENDMONEY
Afterwards, please email your transaction ID to: info@cyber-one.ioThank you and have a nice day!'
