
'.cheetah File Extension' Ransomware

Posted: April 30, 2019

The Cheetah Ransomware is a file-locker Trojan that can threaten your files by encrypting them so that they will not open. While these attacks don't intentionally harm the operating system, work and recreational media are at risk of being held for ransom. Users can always recover from a remote backup and can use anti-malware products to prevent infections or to delete the Cheetah Ransomware appropriately.

Painting New Problems for Windows Users

The Trojan known as the BigBobRoss Ransomware is one of the few file-locker Trojans lacking a traceable connection to either Hidden Tear or Ransomware-as-a-Service families like the Scarab Ransomware or the Dharma Ransomware. Now, however, it may be adopting a 'son' with the name of the Cheetah Ransomware. Early speculation by cyber-security specialists suggests a relationship between these two orphan threats, which have similar code compositions and ransoming directions.

Like the BigBobRoss Ransomware, the Cheetah Ransomware is a Windows-based threat that uses encryption as its core attack for blocking files. Documents such as Notepad TXTs or Word DOCs, JPG, GIF or BMP pictures, MP3 or MP4 audio, AVI movies, and RAR or ZIP archives offer an illustrative selection of the formats most likely to be included in the Cheetah Ransomware's filter list and, therefore, attacked. Malware experts can't confirm that the Cheetah Ransomware uses the same encryption strategy as its apparent ancestor, AES-128 ECB, and victims should consider providing samples to the security industry for a complete analysis.

The Cheetah Ransomware's main cosmetic link to the BigBobRoss Ransomware is a shared ransom note template. The Cheetah Ransomware does use a different e-mail address for communicating, but this change is typical of most updates to a file-locker Trojan. The other details, such as the 'free sample' and the formatting of the Bitcoin demands, are identical.

There may be a free decryptor that's compatible with the Cheetah Ransomware if it uses the same algorithms as the non-secure build of BigBobRoss Ransomware. Malware experts recommend copying any files before testing an 'unlocking' program, which can cause more damage if it applies the incorrect decryption.
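One way to follow the copy-first advice above, as an added example that is not part of the original article: the script stages copies of the locked files and records SHA-256 hashes, so a decryptor is only ever run on the copies and the originals can be checked afterwards. The `.cheetah` suffix is assumed from this page's title; the function names and `manifest.json` are hypothetical.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".cheetah"  # assumption: extension taken from this page's title

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def stage_locked_files(source_root, staging_root):
    """Copy locked files into staging_root and return {relative path: SHA-256}."""
    source_root = Path(source_root).resolve()
    staging_root = Path(staging_root).resolve()
    staging_root.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in sorted(source_root.rglob("*")):
        if (not src.is_file() or src.suffix.lower() != LOCKED_SUFFIX
                or staging_root in src.parents):  # last test skips earlier staged copies
            continue
        rel = src.relative_to(source_root)
        dst = staging_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[rel.as_posix()] = sha256_of(src)
        if sha256_of(dst) != manifest[rel.as_posix()]:
            raise OSError(f"staged copy of {rel} differs from the original")
    (staging_root / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def changed_originals(source_root, manifest):
    """List originals that are missing or modified since they were staged."""
    root = Path(source_root).resolve()
    return [rel for rel, digest in manifest.items()
            if not (root / rel).is_file() or sha256_of(root / rel) != digest]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        docs = Path(tmp, "docs")
        docs.mkdir()
        (docs / "report.docx.cheetah").write_bytes(b"constructed ciphertext")
        staged = stage_locked_files(docs, Path(tmp, "staging"))
        print(staged, changed_originals(docs, staged))
```

Point any decryption tool at the staging directory only, then run `changed_originals` against the source tree to confirm that nothing outside the staged copies was altered.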

Outracing a File Predator

While malware experts can't finalize the genealogy of the Cheetah Ransomware's tiny family tree, whether or not it is a relative of the BigBobRoss Ransomware affects the decryption services, but not the opening gambit of locking digital media. Additional ID strings on these captive files could indicate updates in the Cheetah Ransomware that could suffice for defeating any decryption solutions currently available to the public for no charge.

Although malware researchers recommend that all users keep backups for data security, the Cheetah Ransomware's campaign is currently most pertinent to residents of Belgium. Belgian-based attacks may reference companies local to that country, such as shipping or banking institutions, and use native-language templates for tricking victims into clicking a drive-by-download attachment. Anti-malware products of most brands should still detect these threats and remove them, or the Cheetah Ransomware, when necessary.

The Cheetah Ransomware is racing towards a Bitcoin-based profit that Windows users should do their best to deny it. No matter how hard a Trojan works, a properly secured backup should always be just out of its reach.
