
Cyberresearcher Ransomware

By GoldSparrow in Ransomware

PC security researchers started noticing the Cyberresearcher Ransomware, an encryption ransomware Trojan, in April 2018. The Cyberresearcher Ransomware carries out a typical encryption ransomware attack: it uses a strong encryption algorithm to make the victim's files inaccessible and then demands a ransom payment in exchange for the decryption application needed to restore the affected files. The Cyberresearcher Ransomware belongs to a large family of ransomware Trojans based on HiddenTear, an open source ransomware Trojan that has been responsible for countless variants of this tactic. Like other ransomware Trojans, the Cyberresearcher Ransomware is commonly delivered through spam email attachments containing macro scripts that download and install it onto the victim's computer.

A Cyberresearcher that will Work against You

Threats like the Cyberresearcher Ransomware use AES encryption to make the victim's files inaccessible. They target user-generated files rather than Windows system files or applications, since the victim must still be able to use the affected computer to make a ransom payment. The files commonly targeted by these attacks include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Apart from encrypting victims' files, threats like the Cyberresearcher Ransomware also disable the Windows file recovery mechanisms by deleting the Shadow Volume copies and the System Restore points. The Cyberresearcher Ransomware marks the files it encrypts with the file extension '.CYBERRESEARCHER', making them easy to identify.

The Cyberresearcher Ransomware’s Ransom Note

The Cyberresearcher Ransomware delivers its ransom note as a simple HTML file named 'READ_IT.html'. The full text of the ransom note reads:

'Your files have been encrypted by CYBERRESEARCHER
Send 2.5 Btcoins to [34 RANDOM CHARCTERS]
Your files will be deleted permanently if the Bitcoins are not sent in the next 48 hours'

Unfortunately, once the Cyberresearcher Ransomware encrypts the files, they will not be recoverable without the decryption key, which will cost close to 20,000 USD at the current exchange rate. However, unless there is no other option, computer users shouldn't pay the Cyberresearcher Ransomware ransom since, besides being an outrageous amount, payment encourages the creation of these threats. Furthermore, the Cyberresearcher Ransomware does not provide any contact information for the victim, making it clear that these people have no intention of helping victims recover their files after the payment is made. Instead of paying the ransom, computer users need to take preemptive steps to protect their data from threats like the Cyberresearcher Ransomware.
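The two file indicators described above, the '.CYBERRESEARCHER' extension and the 'READ_IT.html' note, are enough to scope which folders on a machine or file share were hit. The Python script below is an added example, not code from the original article or from any security product. It assumes the extension is appended to the original file name; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".cyberresearcher"            # extension named in the article (matched case-insensitively)
NOTE_NAME = "read_it.html"                    # ransom note file name from the article
NOTE_MARKER = "encrypted by cyberresearcher"  # phrase from the quoted note text

def note_matches(path, limit=65536):
    """Count READ_IT.html only if it carries the note text (skips unrelated files)."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(limit)
    except OSError:
        return False
    return NOTE_MARKER in head.decode("utf-8", errors="ignore").lower()

def scan(root):
    """Walk root; return (encrypted_files, ransom_notes) as sorted lists of Paths."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
            elif name.lower() == NOTE_NAME and note_matches(path):
                notes.append(path)
    return sorted(encrypted), sorted(notes)

def original_extensions(encrypted):
    """Tally original types, assuming an appended marker: a.docx.CYBERRESEARCHER -> .docx."""
    return dict(Counter(Path(p.stem).suffix.lower() or "(none)" for p in encrypted))

def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, web = Path(tmp, "docs"), Path(tmp, "web")
        docs.mkdir()
        web.mkdir()
        (docs / "report.docx.CYBERRESEARCHER").write_bytes(b"\x00" * 16)
        (docs / "budget.xlsx.cyberresearcher").write_bytes(b"\x00" * 16)
        (docs / "notes.txt").write_text("untouched")
        (docs / "READ_IT.html").write_text("Your files have been encrypted by CYBERRESEARCHER")
        (web / "read_it.html").write_text("<html>unrelated project readme</html>")
        encrypted, notes = scan(tmp)
        return [p.name for p in encrypted], [p.parent.name for p in notes], original_extensions(encrypted)

if __name__ == "__main__":
    print(demo())
```

Calling `scan()` on a real path, such as a mounted share or a restored backup, reports the affected files without modifying them, which helps decide what has to be restored from backup.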

Protecting Your Data from the Cyberresearcher Ransomware

The best protection against threats like the Cyberresearcher Ransomware is to have file backups saved on cloud storage or a portable drive. Computer users should also have a trustworthy security program, which can intercept threats like the Cyberresearcher Ransomware before they carry out their attacks. A combination of strong security software and backups can help prevent ransomware attacks like the Cyberresearcher Ransomware and limit the extent of the damage that may result from them. Since the Cyberresearcher Ransomware is commonly spread using spam email messages, learning to handle such messages and their attachments safely is also essential.
