CyberSplitter 2.0 Ransomware
Posted: December 14, 2016
Threat Metric
| Threat Level | 10/10 |
|---|---|
| Infected PCs | 12 |
| First Seen | September 23, 2016 |
| Last Seen | December 16, 2019 |
| OS(es) Affected | Windows |
The 'CyberSplitter 2.0' Ransomware is an upgrade of the Cyber Splitter Vbs Ransomware. The earlier Trojan was noted for locking the victim's desktop, generating extortion-based messages, and enciphering any available media files. The newest version of this threat contains improvements to that payload and can potentially block your local content permanently. Using safe Web-browsing habits, backing up regularly, and using anti-malware products to detect and delete the 'CyberSplitter 2.0' Ransomware before it runs are all recommended.
The Newest Split in Trojan Campaigning
2016 may be concluding, but threat authors have yet to slow down their development of new threats, with most products originating as updates or variants of preceding examples of threatening software. Although malware experts most often see samples of rental-based models like new versions of the Troldesh, smaller families, such as the Cyber Splitter Vbs Ransomware, are also active. This Visual Basic-based Trojan recently evolved into the 'CyberSplitter 2.0' Ransomware while keeping all of its old features.
The 'CyberSplitter 2.0' Ransomware's suspected infection vectors most likely target computers used for personal purposes, instead of the business servers preferred as hostages by more experienced threat actors. Once it does gain system access, the 'CyberSplitter 2.0' Ransomware implements the following attacks, all of which show symptoms only afterward:
- The 'CyberSplitter 2.0' Ransomware uses an unknown encryption algorithm (although malware experts suspect the use of AES-128) to encode your data, targeting documents, pictures, and other media-based formats. Essential applications and the OS shouldn't be affected, although the affected content will be unreadable.
- The Trojan leaves identifiable markers for the encrypted content via the '.cyber splitter vbs' being inserted after the default extensions in every filename.
- The 'CyberSplitter 2.0' Ransomware's last significant function creates an HTML page containing its ransom message, asking victims to pay a Bitcoin fee (approx. 778 USD) for decoding and restoring their digital belongings. Some past versions of the same threat also use this attack to 'lock' the screen by preventing you from resizing, reducing or closing the message's window.
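The filename marker described in the list above can be used to scope the damage before restoring from backup. The following is an added example, not code from this page or from any vendor tool: it walks a directory tree, finds files carrying the '.cyber splitter vbs' marker as printed here, and recovers each original name and extension. The function names, the case-insensitive match, and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Marker exactly as printed on this page; matching is case-insensitive
# (an assumption, since Windows file names are case-insensitive).
MARKER = ".cyber splitter vbs"


def original_name(name: str):
    """Return the pre-encryption file name, or None if the marker is absent."""
    if name.lower().endswith(MARKER) and len(name) > len(MARKER):
        return name[: -len(MARKER)]
    return None


def triage(root):
    """Walk root and return (affected, by_ext).

    affected: sorted list of (path on disk, original name) for marked files
    by_ext:   Counter of original extensions, to scope what needs restoring
    """
    affected, by_ext = [], Counter()
    # Unreadable directories are skipped instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for fname in files:
            orig = original_name(fname)
            if orig is None:
                continue
            affected.append((Path(dirpath) / fname, orig))
            by_ext[Path(orig).suffix.lower() or "<none>"] += 1
    return sorted(affected), by_ext


def build_sample_tree(root):
    """Constructed sample data: empty files whose names mimic the symptom."""
    names = ["report.docx" + MARKER, "photo.JPG.Cyber Splitter Vbs",
             "notes.txt", "sub/song.mp3" + MARKER, "sub/setup.exe"]
    for rel in names:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, exts = triage(tmp)
        for path, orig in hits:
            print(f"{path}  (was: {orig})")
        print(dict(exts))
```

The list of original names maps directly onto what to pull back from backup; the per-extension counts show which kinds of data were hit.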
Keeping Your Funds from Being Split into an Extortionist's Wallet
Like its recent ancestor, the 'CyberSplitter 2.0' Ransomware doesn't build a decryption feature into itself. Depending on the response of its threat actors, paying the ransom this Trojan demands may or may not give you a workable decryptor. Since malware experts have yet to confirm any third-party decryptor programs for the 'CyberSplitter 2.0' Ransomware's family, decoding any damaged files may not be a practical possibility.
Examples of potential distribution routes for the 'CyberSplitter 2.0' Ransomware include disguised spam e-mails, compromised freeware downloads, and exploit kit (EK)-based drive-by-downloads on corrupted websites. Interacting with Web content cautiously, disabling scripts, and scanning your downloads diligently can help detect and remove the 'CyberSplitter 2.0' Ransomware without giving it a chance to cause any harm. Malware experts also find most backup storage solutions highly effective against this category of threat.
As smaller families of Trojans continue growing, PC owners will need to keep updating their security solutions in response. Letting even one Trojan like the 'CyberSplitter 2.0' Ransomware through your defenses can have a cost that's even higher than its ransom price.