'cypher File Extension' Ransomware

By GoldSparrow in Ransomware

The '.cypher File Extension' Ransomware is an encryption ransomware Trojan that was released in December 2018. It should not be confused with other encryption ransomware Trojans released earlier that also use the '.cypher' file extension to mark the files they encrypt. Like most encryption ransomware Trojans, the '.cypher File Extension' Ransomware uses a strong encryption algorithm to make the victim's files inaccessible and then demands payment for the decryption key needed to restore the affected data.

How the '.cypher File Extension' Ransomware Attacks a Computer

The '.cypher File Extension' Ransomware attack is typical of these threats. It uses AES encryption to make the victim's files inaccessible, targeting user-generated files such as commonly used document types, media files, configuration data, databases and numerous other file types. The '.cypher File Extension' Ransomware typically targets files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Once the victim's files have been enciphered, the '.cypher File Extension' Ransomware delivers a ransom note in the form of an HTML file that contains a brief message. The ransom note instructs the victim to find an encryption key left on the victim's computer and to contact the criminals via email to receive payment instructions. The text of the '.cypher File Extension' Ransomware ransom note reads:

'Your files have been encrypted.

To decrypt your files, follow instructions
Open your explorer, in the pathbar, enter %appdata%

Find the file encryption_key and send it to email: biggsurprise@tutanota.com or ochennado@tutanota.com

Await payment instructions.'

Computer users are advised to refrain from contacting the criminals or paying any amount for the decryption key. Doing so typically puts computer users at risk of additional attacks, and it almost never results in the return of the compromised data.

Recovering from a '.cypher File Extension' Ransomware Attack

The best way to ensure that your data is safe from threats like the '.cypher File Extension' Ransomware is to have backup copies of your data. These copies should be stored in the cloud or on an external memory device. Apart from file backups, computer users should also have a reliable, fully up-to-date security program on their machines, which can be used to intercept or remove the '.cypher File Extension' Ransomware threat before it carries out its attack. Unfortunately, however, security software is generally not capable of decrypting files encrypted by threats like the '.cypher File Extension' Ransomware.
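
The on-disk traces described above (files marked with '.cypher', an `encryption_key` file in the application-data folder, and an HTML note carrying the contact addresses) can be checked together during triage. The following Python is an added example, not code from the original article or from any security product; the matching rules, function names and verdict labels are assumptions, and the sample tree built in `demo()` is constructed.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article; how they are matched is an assumption.
MARKER_EXT = ".cypher"
KEY_FILE = "encryption_key"
NOTE_STRINGS = ("biggsurprise@tutanota.com", "ochennado@tutanota.com")


def triage(scan_root, appdata):
    """Collect the on-disk indicators the article describes."""
    marked, notes = [], []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(MARKER_EXT):
                marked.append(path)
            elif name.lower().endswith((".html", ".htm")):
                try:
                    text = path.read_text(errors="ignore")
                except OSError:
                    continue  # locked or unreadable file: skip it
                if any(s in text for s in NOTE_STRINGS):
                    notes.append(path)
    has_key = (Path(appdata) / KEY_FILE).is_file()
    corroborated = has_key or bool(notes)
    # Other families also use '.cypher': the extension alone is only "suspect".
    verdict = "clean"
    if marked or corroborated:
        verdict = "likely" if (marked and corroborated) else "suspect"
    return {"verdict": verdict, "marked": marked, "notes": notes, "key": has_key}


def demo():
    """Triage a constructed sample tree (dummy files, no malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, appdata = Path(tmp, "Documents"), Path(tmp, "AppData")
        docs.mkdir()
        appdata.mkdir()
        (docs / "report.docx.cypher").write_bytes(b"\x00" * 16)
        ext_only = triage(docs, appdata)["verdict"]
        (appdata / KEY_FILE).write_bytes(b"constructed")
        (docs / "note.html").write_text("send to ochennado@tutanota.com")
        full = triage(docs, appdata)
        return ext_only, full["verdict"], len(full["marked"]), full["key"]


if __name__ == "__main__":
    print(demo())
```

On a real host, `scan_root` would be the user's profile or a data share and `appdata` the folder that `%appdata%` resolves to for the affected account.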