Cyclone Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 18,215
Threat Level: 20 % (Normal)
Infected Computers: 3
First Seen: October 28, 2022
Last Seen: September 12, 2023
OS(es) Affected: Windows

The Cyclone Ransomware is a follow-up to the Noblis Ransomware, an encryption ransomware Trojan that was released on December 12, 2017. The Cyclone Ransomware was released only a few days later, on December 16. The Cyclone Ransomware is virtually the same as its predecessor and can be recognized easily because it adds the file extension '.Cyclone' to each file it corrupts on the victim's computer.

The Cyclone that Will Make Your Files Unusable

The Cyclone Ransomware is an encryption ransomware Trojan. These threats take the victims' files hostage: they use an effective encryption algorithm to make the files inaccessible and then demand a ransom payment in exchange for the decryption software needed to restore the affected files. The Cyclone Ransomware may be delivered to victims through corrupted email attachments. Common delivery methods include embedded links and compromised Microsoft Word files containing macro scripts that download and install threats like the Cyclone Ransomware onto the victim's computer.

How the Cyclone Ransomware Carries out Its Attack

Once the Cyclone Ransomware is installed, it runs as 'Crypter.exe' on the infected computer. The Cyclone Ransomware is designed to infect computers running the Windows operating system. It makes the victim's files inaccessible by encrypting them with AES-256. The Cyclone Ransomware targets user-generated files, including photos, videos, and a wide variety of other file types on the victim's computer. The file types that may be encrypted in an attack such as the Cyclone Ransomware's include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

After the Cyclone Ransomware finishes encrypting the victim's files, they can no longer be recovered without the decryption key, which the cybercrooks hold in their possession. The attackers urge victims to pay 0.005 Bitcoin (approximately 100 USD) in exchange for the decryption key. It is not advised to pay the Cyclone Ransomware ransom. The Cyclone Ransomware delivers its ransom message to the victim in the form of a program window and a text file dropped on the infected computer. The full text of the Cyclone Ransomware ransom note reads:

'The important files on your computer have been encrypted with military grade AES-256 bit encryption.
Your documents, videos, images and other forms of data are now inaccessible, and cannot be unlocked without the decryption key. This key is currently being stored on a remote server.
To acquire this key, transfer the Bitcoin Fee to the specified wallet address before the time runs out.
If you fail to take action within this time window, the decryption key will be destroyed and access to your files will be permanently lost.
WALLET ADDRESS: 1BJd8oipsaE16QGBhegj9wYfCMyYR143H7
BITCOIN FEE: 0.005'

The ransom associated with this ransomware Trojan shouldn't be paid. Instead, PC users should restore their files from a backup copy and use a security product that is fully up-to-date to ensure that this Trojan is removed completely.

URLs

Cyclone Ransomware may call the following URLs:

news-yosuja.cc
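
The indicators described above (the '.Cyclone' extension, the 'Crypter.exe' executable and the listed URL) can be turned into a triage script that scopes a restore from backup. This is an added example, not code from the original page; it assumes the marker is appended after the original extension, and the directory tree, log format and log lines are constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".cyclone"        # extension the page says is added to encrypted files
DROPPER = "crypter.exe"    # executable name the page reports
DOMAIN = "news-yosuja.cc"  # URL the page lists

def triage_tree(root):
    """Return (encrypted paths, count per original extension, dropper paths)."""
    encrypted, by_ext, droppers = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower == DROPPER:
                droppers.append(path)
            elif lower.endswith(MARKER):
                encrypted.append(path)
                # Assumption: the marker follows the original extension (a.docx.Cyclone)
                by_ext[Path(lower[:-len(MARKER)]).suffix or "(none)"] += 1
    return sorted(encrypted), by_ext, sorted(droppers)

def dns_hits(log_lines):
    """Return lines naming DOMAIN or a subdomain, ignoring look-alike hosts."""
    def match(token):
        host = token.strip(".,;:()[]\"'")
        return host == DOMAIN or host.endswith("." + DOMAIN)
    return [l for l in log_lines if any(match(t) for t in l.lower().split())]

def build_sample(root):
    """Create a constructed directory tree of empty files for the demo."""
    for rel in ["docs/q3.xlsx.Cyclone", "docs/notes.txt.CYCLONE", "docs/ok.pdf",
                "pics/cat.jpg.Cyclone", "tmp/Crypter.exe", "tmp/README.Cyclone"]:
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()

SAMPLE_DNS = [  # constructed resolver log lines in a hypothetical format
    "2023-09-12T10:01:02 client=10.0.0.5 query=A news-yosuja.cc.",
    "2023-09-12T10:01:03 client=10.0.0.5 query=A cdn.news-yosuja.cc",
    "2023-09-12T10:01:04 client=10.0.0.7 query=A news-yosuja.cc.example.org",
    "2023-09-12T10:01:05 client=10.0.0.7 query=A badnews-yosuja.cc",
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(dict(triage_tree(tmp)[1]), dns_hits(SAMPLE_DNS))
```

The per-extension counts show which file types need restoring, and the DNS match compares whole host names so that look-alike domains do not raise false alerts.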