Cyber Ransomware Encrypts Files
The malicious program called Cyber is a form of the Chaos ransomware that our researchers discovered during their analysis of new ransomware samples.
Once the Cyber ransomware is executed on a test system, it will start encrypting files and adding a ".Cyber" extension to the end of their filenames. For example, "1.jpg" becomes "1.jpg.Cyber" and "2.png" becomes "2.png.Cyber".
Additionally, the desktop wallpaper changes and a ransom note titled "read_it.txt" is generated, informing victims that their important files, such as databases, documents, and photos, have been encrypted and that they will need to pay a ransom in Bitcoin (BTC) to decrypt them. The ransom note offers the option of testing decryption on three files for free before paying the ransom, but the provided contact information "firstname.lastname@example.org" is most likely invalid, as it should have contained a valid email address but was neglected.
The ransomware's wallpaper displays the same information and demands a ransom of 100 USD worth of Bitcoin cryptocurrency, with different contact details that are unclear whether they belong to the attackers or developers of the ransomware.
Cyber Ransom Note Keeps it Short
The full text of the ransom note used by the Cyber ransomware reads as follows:
Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt it for free.
You must follow these steps To decrypt your files :
1) Write on our e-mail :email@example.com ( In case of no answer in 24 hours check your spam folder
or write us to this e-mail: firstname.lastname@example.org)
2) Obtain Bitcoin (You have to pay for decryption in Bitcoins.
After payment we will send you the tool that will decrypt all your files.)
How is Ransomware Like Cyber Usually Distributed?
Ransomware like Cyber is usually distributed through various methods such as phishing emails, malicious attachments or links, software vulnerabilities, fake software updates, and exploit kits. Phishing emails often contain infected attachments or links that when clicked or downloaded, execute the ransomware. In some cases, attackers may exploit software vulnerabilities to gain access to a system and deploy the ransomware.
Fake software updates are another common method used to trick users into installing malware. Exploit kits are software tools used by attackers to exploit vulnerabilities in a system's software and deliver malware such as ransomware.