Cip Ransomware Joins the Dharma Ransomware Family

Ransomware is malicious software that blocks users from accessing their system and encrypts their files. The ransomware then demands payment in exchange for releasing the encrypted files. Ransomware is usually planted on the user's device through a malicious file, typically disguised as a legitimate software update, online video game, or music player. It could also arrive in the form of an email attachment that claims to contain important information, such as a relevant document.

The Cip Ransomware is one of the latest file-encryption Trojans, and it appears to be closely related to the Dharma Ransomware family. Victims of its attack are unlikely to be able to restore their data for free and, instead, they will need to resort to alternative data recovery options. Keep in mind that Cip Ransomware's creators claim to offer a decryption service in exchange for a payment, but you should not trust this promise.

Cip Ransomware

The ransomware drops the ransom note 'info.txt' and also changes the names of all files it locks, adding the '.id-<VICTIM ID>.[ciphercrypt@tuta.io].Cip' extension to them. If you notice these changes on your computer, then it might be too late to stop the attack. Recovering from a ransomware attack is not easy, especially when dealing with a high-profile ransomware family like Dharma. In this situation, we advise victims to run an antivirus scanner to assist them with the removal of the Cip Ransomware. Then try restoring from a backup, or explore other data recovery options.
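To measure how far the renaming described above has spread before restoring from backup, the following added example (not part of the original article) walks a directory tree, matches the '.id-<VICTIM ID>.[ciphercrypt@tuta.io].Cip' pattern, and recovers the original file names and victim ID. The function names and the character set allowed in the victim ID are assumptions.

```python
import os
import re
import sys
from collections import defaultdict

# Rename pattern and note name as given in the article. The victim-ID
# character set is an assumption: the article only shows "<VICTIM ID>".
CIP_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]+)"
    r"\.\[ciphercrypt@tuta\.io\]\.Cip$",
    re.IGNORECASE,
)
RANSOM_NOTE = "info.txt"


def parse_cip_name(filename):
    """Return (original_name, victim_id) if filename matches, else None."""
    m = CIP_NAME.match(filename)
    return (m.group("original"), m.group("victim_id")) if m else None


def scan_tree(root):
    """Walk root and collect renamed files per directory, notes and IDs."""
    report = {"renamed": defaultdict(list), "notes": [], "victim_ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_cip_name(name)
            if parsed:
                report["renamed"][dirpath].append(parsed[0])
                report["victim_ids"].add(parsed[1])
            elif name.lower() == RANSOM_NOTE:
                report["notes"].append(os.path.join(dirpath, name))
    return report


def triage(report):
    """Summarise the scan. info.txt is a common file name, so notes are
    only reported when renamed files corroborate them."""
    hit_dirs = sorted(report["renamed"])
    return {
        "affected_dirs": hit_dirs,
        "files_renamed": sum(len(v) for v in report["renamed"].values()),
        "victim_ids": sorted(report["victim_ids"]),
        "notes": sorted(report["notes"]) if hit_dirs else [],
    }


if __name__ == "__main__":
    print(triage(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

The list of affected directories and original file names tells you which paths to pull from backup; the scan only reads file names and changes nothing on disk.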

January 20, 2022