Cylance Ransomware Targets Both Windows and Linux
Our team of malware researchers discovered ransomware named Cylance, which is designed to encrypt files and prevent victims from accessing their data. Once installed on the system, Cylance adds the ".Cylance" extension to the original file names and creates a ransom note named "CYLANCE_README.txt." The ransomware targets both Windows and Linux operating systems, and modifies file names in a similar fashion, such as renaming "1.jpg" to "1.jpg.Cylance" and "2.png" to "2.png.Cylance."
It is important to note that the ransomware has no connection to Cylance enterprise cybersecurity, which offers endpoint security services to its customers. The ransom note informs victims that all their files are encrypted and advises them to follow the instructions given to recover their data. The attackers state that they are only interested in financial gain.
The ransom note offers to decrypt one file for free to demonstrate their ability to return the files. The note also cautions against using any third-party software or antivirus solutions, as they may damage the private key and result in data loss. The note provides two email addresses (crypter@firemail.de and helper@firemail.de) that victims can use to contact the threat actors.
Cylance Ransom Note Offers to Decrypt a Single File
The full text of the Cylance ransom note goes as follows:
Cylance Ransomware
[+] What's happened?
All your files are encrypted, and currently unsable, but you need to follow our instructions. otherwise, you cant return your data (NEVER).[+] What guarantees?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, we decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. time is much more valuable than money.[+] How to cantact with us?
Please write an email to: Crypter@firemail.de and Helper@firemail.de
Write this U-ID in the subject: 9cz9eXn9zKey:
!!! DANGER !!!
DON'T try to change files by yourself, DON'T use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!
How Can You Protect Your Important Data from Ransomware Like Cylance?
To protect your important data from ransomware like Cylance, you can take several measures, including:
- Back up your data regularly: Keep a copy of your important data on an external hard drive or in cloud storage so that you can recover your data if it gets encrypted by ransomware.
- Use anti-malware software: Install and regularly update anti-malware software on your computer to detect and prevent ransomware infections.
- Be cautious of suspicious emails and attachments: Avoid opening emails from unknown sources, and do not click on suspicious attachments or links in emails.
- Keep your operating system and software up-to-date: Install the latest security patches and updates for your operating system and software to prevent ransomware from exploiting vulnerabilities.
- Use strong and unique passwords: Use strong passwords and two-factor authentication to protect your accounts from unauthorized access.
