Cyspt Ransomware

The Cyspt Ransomware is an encryption ransomware Trojan that was first observed on January 25, 2019. The Cyspt Ransomware seems to be a variant of the AresCrypt Ransomware, first observed in July 2018. The Cyspt Ransomware behaves like most encryption ransomware Trojans, taking the victims' files hostage and then demanding a ransom payment.

The Cyspt Ransomware will Compromise Your Most Valuable Files

The Cyspt Ransomware uses the AES encryption to make the victim's files inaccessible. The Cyspt Ransomware targets the user-generated files, such as media files, configuration files and databases. The files that can become compromised in the event of a Cyspt Ransomware infection include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After the Cyspt Ransomware encrypts the victim's files, the Cyspt Ransomware delivers a program window titled 'Cyspt has locked your PC!!!!' The Cyspt Ransomware marks the files it encrypts in its attack with the file extension '.OOFNIK,' which is added to each affected file's name. The following is the full text of the Cyspt Ransomware ransom note:

'What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases, and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
In addition, your PC will be unable to close this without restarting, which will be fatal to your files.
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But if you want to decrypt all your files, you need to pay.
You only have 24 hours to submit the initial, low rate payment. After that the price will be doubled. Also, if you don't pay in 3 days, you won't be able to recover your files forever.
How Do I Pay?
Payment is accepted in Bitcoin only. For more information, click .
Please check the current price of Bitcoin and buy some bitcoins.
For more information, click . And send the correct amount to the address specified in this window.
To confirm the payment, send a message to cysptcc@gmail.com
Send your unique id, along with your Bitcoin account After your payment, click . Best time to check: 5:00 to 5:00 EST.
Once the payment is checked, you can start decrypting your files immediately.
Contact DO NOT REMOVE OUR SOFTWARE OR REBOOT.
THIS WILL RESULT IN AN AUTOMATIC REVOCATION OF OUR DECRYPTION SERVICES.'

Protecting Your Data from the Cyspt Ransomware

Malware analysts advise against paying the Cyspt Ransomware ransom. Instead, computer users should restore the files encrypted by the Cyspt Ransomware by replacing them from backup copies. A renowned security program that is fully up-to-date can be used to prevent the Cyspt Ransomware from being installed in the first place.