
Cephalo Ransomware

Posted: June 21, 2019

The Cephalo Ransomware is a file-locking Trojan that may pretend to be a Windows component before locking your documents and other media. The Cephalo Ransomware's payload includes a ransom note that claims to have collected evidence of underage erotica from the victim's computer, although malware experts can't confirm that the Trojan has these more advanced data-harvesting functions. Users should ignore any ransom demands, restore their files from backups, and delete the Cephalo Ransomware with anti-malware solutions.

Trojans with Their Eyes on Shaming Fetishists

Pedophiles are easy targets for Trojans that use social engineering to shame their victims into paying ransoms, as readers may already know from the Polish POLICJA!!! Ransomware, the Levis Locker Ransomware or the PornBlackmailer Ransomware. 2019 has another addition to this pile: the more modernized Cephalo Ransomware, which pretends to be part of Windows before accusing its victims of criminal behavior. While some AV products identify the Cephalo Ransomware as a version of Hidden Tear, malware experts can't confirm this and suspect that the Cephalo Ransomware is a new program.

The Cephalo Ransomware uses fake Windows Management Instrumentation executables as its installers, which may be distributed through compromised ad networks or freeware websites. After gaining system access, the Windows Trojan can encrypt and block access to over sixty file formats, such as AVI movies, backups, Word DOCs or JPG pictures. It also appends a 'ceph' extension to every affected file's name, a feature that most Trojans of this kind use to differentiate themselves from competing ones.

The Cephalo Ransomware's text ransom note has a less traditional attribute, however. Besides asking for 125 USD in Bitcoins, the instructions claim that the campaign is targeting downloaders and sharers of underage pornography. Even more boldly, it also threatens to release the harvested contents of the PC's Web-browsing history and credentials to the public, including screen captures, search history, webcam footage, etc. Like similar social engineering tactics, the Trojan gambles on frightening ashamed users into paying up before they think through the drawbacks.

Computers Under Attack by Illicit Erotica

The social pressure that the Cephalo Ransomware's ransom note applies suggests alternative means of distribution for its campaign, although ones that malware experts see in similar threats occasionally. Trojans targeting adult media consumers can circulate on adult websites or in advertisements for those sites, as well as through file-sharing networks like torrents. Users encountering the Trojan in these circumstances may find it disguised as an adult video whose name matches the accusation in its blackmail note.

Whatever its distribution method, anti-malware products of most brands identify the file-locker Trojan heuristically. The PowerShell-based threat uses an LNK-based dropper, and users should be especially careful with shortcut files of that format that don't come from trustworthy sources. Removing the Cephalo Ransomware with an anti-malware product can protect your media from any further damage, but recovering the files it has already locked is uncertain.
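A defender-side triage script for the two artifacts described above, an LNK dropper that invokes PowerShell and files renamed with the appended extension, is added here as an example; it is not code from the original page. It assumes the appended extension is '.ceph' and treats a handful of UTF-16LE PowerShell strings as indicators, which is a cheap first pass and not a substitute for a full LNK parser.

```python
from pathlib import Path

# Fixed ShellLink header fields: HeaderSize (0x4C) and the ShellLink CLSID
# {00021401-0000-0000-C000-000000000046}, both little-endian.
LNK_MAGIC = b"\x4c\x00\x00\x00"
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LNK string data is UTF-16LE, so the indicators are encoded the same way.
PS_INDICATORS = {
    "powershell": "powershell".encode("utf-16-le"),
    "-enc": "-enc".encode("utf-16-le"),        # -EncodedCommand and variants
    "hidden": "hidden".encode("utf-16-le"),    # -WindowStyle Hidden
    "bypass": "bypass".encode("utf-16-le"),    # -ExecutionPolicy Bypass
    "downloadstring": "downloadstring".encode("utf-16-le"),
}

# Constructed sample (not a real shortcut): header, padding, then an
# argument string of the kind a PowerShell-based LNK dropper carries.
SAMPLE_LNK = (LNK_MAGIC + LNK_CLSID + b"\x00" * 56
              + "powershell.exe -W Hidden -EncodedCommand QUFB".encode("utf-16-le"))

def is_lnk(data: bytes) -> bool:
    """True when the blob starts with a ShellLink header and CLSID."""
    return data[:4] == LNK_MAGIC and data[4:20] == LNK_CLSID

def lnk_powershell_indicators(data: bytes) -> list[str]:
    """Names of PowerShell-related strings found in an LNK blob, in table order."""
    if not is_lnk(data):
        return []
    low = data.lower()  # only ASCII bytes change, so UTF-16LE text stays aligned
    return [name for name, needle in PS_INDICATORS.items() if needle in low]

def locked_names(names: list[str], ext: str = ".ceph") -> list[str]:
    """File names carrying the appended extension (assumed here to be '.ceph')."""
    return sorted(n for n in names if n.lower().endswith(ext))

def scan_tree(root: Path) -> tuple[list[Path], list[str]]:
    """Walk a directory: (shortcuts with PowerShell indicators, locked file names)."""
    files = [p for p in root.rglob("*") if p.is_file()]
    lnks = [p for p in files if p.suffix.lower() == ".lnk"
            and lnk_powershell_indicators(p.read_bytes())]
    return lnks, locked_names([p.name for p in files])

if __name__ == "__main__":
    print(lnk_powershell_indicators(SAMPLE_LNK))  # ['powershell', '-enc', 'hidden']
```

Run `scan_tree(Path("C:/Users/<name>/Downloads"))` on a suspect folder to list shortcuts worth a closer look and any files already renamed by the Trojan.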

Prurient interests are a watering hole for societal free spirits, but also for predators. The Cephalo Ransomware reminds PC owners that the prey can be their file data as much as anything else.
