Cyron Ransomware

The Cyron Ransomware is an encryption ransomware Trojan. The Cyron Ransomware, like other threats of the same type, is designed to encrypt the victim's files to demand a ransom payment. Ransomware Trojans like the Cyron Ransomware take the victim's files hostage.

A Ransomware’s Name that Express Its Intentions

The Cyron Ransomware may be delivered to victims through the use of spam email attachments. These file attachments may take the form of Microsoft Word files with enabled macro scripts that download and install the Cyron Ransomware onto the victim's computer. These files are distributed in email messages that use social engineering techniques to trick computer users into accessing the attached file and downloading it onto their computers. Once the Cyron Ransomware has entered a computer, it will encrypt the victim's files and display an alarming lock screen.

The Cyron Ransomware is Reminiscent of Older Police Ransomware Variants

Before encryption ransomware Trojans became extremely popular, police ransomware Trojans were the most common ransomware variants. These infections are designed to trick computer users into believing that law enforcement has blocked access to their computers, claiming that the ransom payment is some legal fine. The Cyron Ransomware displays a program window with the message 'CyroN is a product of a law enforcement agency looking to block access to sites hosting child pornography.' Of course, this does not make sense. The penalty for such an offensive crime as trafficking with child pornography is not a mere 50 Euros payment but, rather, years of jail time and fines of thousands of dollars.

How the Cyron Ransomware Tactic Works

The Cyron Ransomware demands a ransom payment of 50 Euros using a payment method that was also favored by older police ransomware attacks, the use of Paysafecard codes. Today, most encryption ransomware Trojans demand payment using Bitcoins. The Cyron Ransomware combines the police ransomware tactic with an encryption attack, which makes the victim's data inaccessible. The Cyron Ransomware targets most popular file types while avoiding the files necessary for the operating system to continue functioning. The Cyron Ransomware marks the files encrypted by its attack with the file extension 'CYRON,' added to the end of each affected file. Currently, it seems that it is possible to restore files encrypted by the Cyron Ransomware attack in certain cases.

The Cyron Ransomware displays the following ransom note, threatening the victim by claiming that child pornography was found on the infected computer after encrypting the victims' files:

'CYRON INSTALLED
We have locked your Computer in this regard until the Police visited you.
We detected Children Pornsites in your Browser History
ComputerInformation:
User: [YOUR ACCOUNT NAME]
Antivirus: [AV VENDOR NAME]
IP address: [YOUR REAL IP]
You dont have a Key already?
No Problem you can buy it via E-Mail
Enter Key to unlock your Computer and get your Deleted Files back:
[TEXT BOX] [TryKey|button]
Just write an E-Mail to ProjectCyRoN@candymail.de
After you send us a PaySAfeCard with 50€
and your ComputerInformations that we know
what target we have to send the Key
[ShutDown|button]
We the government's July 31 order directing Internet Service Providers (ISPs) to block 857 porn sites after Additional Solicitor General Pinky Anand conveyed to the Department of Electronics and Information Technology (DeitY) the Supreme Court's observation that "appropriate steps" were needed against pornographic sites, especially those featuring child pornography. So now we developed CyRoN that doing our work a lot easier, for example, we detected 349 pedophiles in 2 weeks.'

Dealing with a Cyron Ransomware Infection

First of all, you should ignore the threats in the Cyron Ransomware's ransom note. There is no connection between the Cyron Ransomware and the law enforcement or the government. This is merely a tactic designed to scare inexperienced computer users. A reliable security program can remove the Cyron Ransomware, and backup copies should be used restore the affected files.