Cyber Police Ransomware Description
The Cyber Police Ransomware is an encryption ransomware Trojan that was first observed on November 11, 2017. The Cyber Police Ransomware is delivered to victims through spam email messages with malicious file attachments. These files take the form of Microsoft Word documents with malicious macro scripts that download and install the Cyber Police Ransomware onto the victim's computer. The Cyber Police Ransomware also may be delivered through social media spam messages and a variety of other methods. It is paramount to take precautions against the Cyber Police Ransomware and similar threats. These infections are designed to take the victims' files hostage: once the Cyber Police Ransomware encrypts the files, the victims can no longer access them.
When the 'Police' is the Bad Guy
The Cyber Police Ransomware is based on HiddenTear, an open source ransomware engine that is freely available on underground forums. The Cyber Police Ransomware uses AES-256 encryption combined with RSA encryption to make the victim's files inaccessible. The Cyber Police Ransomware marks the files it encrypts in its attack with the file extension '.locked,' making it clear which files have been encrypted. The Cyber Police Ransomware will encrypt files that are generated by the user while avoiding the files necessary for Windows to function. This is because the Cyber Police Ransomware and similar threats need the victim's operating system to continue working so that they can deliver a ransom note and extract payment from the victim. Examples of the file types that may be targeted by ransomware attacks like the Cyber Police Ransomware include:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The Cyber Police Ransomware's Ransom Note and Ransom Amount
The Cyber Police Ransomware demands a ransom of approximately 100 USD to be paid in Bitcoin, an online currency typically used in these attacks because it provides an anonymous payment method. The Cyber Police Ransomware delivers a ransom note with the following text to the victim's computer:
'YOUR COMPUTER IS BLOCKED BY CYBER POLICE
FOR UNLICENSED SOFTWARE'S USAGE
Your documents, photos, databases and other important files have been encrypted with strong encryption and unique key, generated for this computer. The private decryption key is stored on a secret internet server, and nobody can decrypt your files until you will pay fine and then obtain the private key.
HOW TO PAY
Go to hxxp://www.localbitcoins[.]com and buy Bitcoins worth of 100$ with your favorite payment method. Then through your account, send Bitcoins worth about 100$ to our Bitcoin address: 1NiGZiFPRqGdxB7ZpbcVsRUVqLJ2SjLsuM and indicate your email to receive the private decryption key via your email.'
This ransom note will show up as a pop-up program window on the victim's computer.
Dealing with the Cyber Police Ransomware
The Cyber Police Ransomware shows up on the infected computer running as an executable file named 'adobe.exe.' Unfortunately, once the Cyber Police Ransomware has encrypted the victim's files, they become unrecoverable. The best prevention against attacks like the Cyber Police Ransomware is to use file backups to ensure that files can be recovered if they become compromised as a result of a Cyber Police Ransomware infection.
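A triage example built on the two indicators named in this article, the '.locked' file marker and the 'adobe.exe' executable name. It is an added example, not part of the original article; it assumes the marker is appended to the original file name, and the function name, threshold and sample paths are constructed for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Indicators taken from the article text.
LOCKED_SUFFIX = ".locked"
SUSPECT_EXE = "adobe.exe"


def triage(paths, min_hits=3):
    """Summarise a file listing (hypothetical helper).

    Returns directories holding at least `min_hits` '.locked' files, the
    original extensions that were hit, and every file named 'adobe.exe'.
    """
    per_dir = Counter()
    orig_ext = Counter()
    suspects = []
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()
        if name == SUSPECT_EXE:
            # Name match only: an analyst still has to check path and signature.
            suspects.append(str(p))
        elif name.endswith(LOCKED_SUFFIX):
            per_dir[str(p.parent)] += 1
            # Assumption: 'a.docx.locked' was 'a.docx' before encryption.
            inner = PureWindowsPath(p.stem).suffix.lower()
            orig_ext[inner or "(none)"] += 1
    hot = {d: n for d, n in per_dir.items() if n >= min_hits}
    return {"hot_dirs": hot, "orig_ext": dict(orig_ext), "suspect_exe": suspects}


# Constructed sample listing (for instance from `dir /s /b`), not incident data.
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.locked",
    r"C:\Users\ana\Documents\thesis.docx.locked",
    r"C:\Users\ana\Documents\scan.pdf.locked",
    r"C:\Users\ana\Pictures\trip.jpg.locked",
    r"C:\Users\ana\Pictures\cat.png",
    r"C:\Users\ana\Downloads\adobe.exe",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The per-directory counts show how far encryption progressed, and the original-extension tally tells you which backups to restore first.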