
CyberDrill Ransomware

Posted: September 26, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 93
First Seen: September 26, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The CyberDrill Ransomware is a Trojan that uses encryption to lock media on your PC, including PDFs, DOCs, TXTs and others. A CyberDrill Ransomware infection also includes symptoms such as the depositing of ransom-themed messages via either pop-ups or text files and changes to the extensions of any blocked data. All PC users should try to stop this threat preemptively or remove the CyberDrill Ransomware as soon as possible with appropriate anti-malware products, and recover any content through backups instead of paying a ransom.

Programs Merrily Drilling through Your Data

While threat actors have numerous options for crafting Trojans with non-consensual, encryption-based attacks, Hidden Tear still is a preferred resource, possibly due to nothing more than its absence of a price tag. Even though variants like the CyberDrill Ransomware may not necessarily see a fully operated campaign with broad, public dispersal, coincidental exposure to such threats continues putting the files on random PCs at risk. Malware experts are only seeing the CyberDrill Ransomware in an in-development state, although the majority of its payload already works due to the accidental 'help' of Utku Sen.

Test versions of the CyberDrill Ransomware that its threat actor is uploading to generalized security databases include limited encryption attacks that target a user directory on the desktop, although minimal work could adjust the Trojan's location parameters. The CyberDrill Ransomware still encrypts files of the same formats already preferred by the original Hidden Tear, including text documents, spreadsheets, pictures and slideshows. The CyberDrill Ransomware adds a '.locked' extension onto the names of any files it blocks this way, which is a symptom that it shares with other Trojans, both Hidden Tear-derived and otherwise.
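The '.locked' suffix described above is the symptom a responder can check for first. The following is an added example, not code from this page or from any analysis of the Trojan: it walks a directory, tallies files carrying the suffix by their original extension and lists the folders hit, so the scope of an infection can be judged before restoring from backups. The concrete extension list and the sample directory it builds are assumptions constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter

# Extension the page reports the CyberDrill Ransomware appending to blocked files.
LOCKED_SUFFIX = ".locked"

# Formats the page says Hidden Tear variants prefer (text documents, spreadsheets,
# pictures, slideshows). The exact extension set here is an assumption.
TARGETED_EXTENSIONS = {".txt", ".doc", ".docx", ".pdf", ".xls", ".xlsx",
                       ".jpg", ".png", ".ppt", ".pptx"}

def triage_locked_files(root):
    """Walk `root` and report every file ending in '.locked'.

    Returns the total count, how many had a targeted original format,
    a per-extension tally and the relative directories affected.
    """
    by_ext = Counter()
    dirs = set()
    total = 0
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            original = name[:-len(LOCKED_SUFFIX)]      # strip the appended suffix
            ext = os.path.splitext(original)[1].lower() or "(none)"
            by_ext[ext] += 1
            total += 1
            dirs.add(os.path.relpath(dirpath, root))
    targeted = sum(n for e, n in by_ext.items() if e in TARGETED_EXTENSIONS)
    return {"total": total, "targeted": targeted,
            "by_extension": dict(by_ext), "directories": sorted(dirs)}

def build_sample_tree():
    """Create a constructed sample folder that mimics a hit user directory."""
    root = tempfile.mkdtemp(prefix="cyberdrill_sample_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.locked", "budget.xlsx.locked", "notes.txt.locked"):
        open(os.path.join(docs, name), "wb").close()
    open(os.path.join(root, "photo.jpg.locked"), "wb").close()
    open(os.path.join(root, "archive.bin.locked"), "wb").close()  # non-targeted format
    open(os.path.join(root, "untouched.pdf"), "wb").close()        # not renamed
    return root

if __name__ == "__main__":
    print(triage_locked_files(build_sample_tree()))
```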

The CyberDrill Ransomware may generate pop-ups imitating the template of the '.wcry File Extension' Ransomware's family, but also creates extra ransoming warnings and instructions through plain text messages. Besides asking for Bitcoins and providing an email address for negotiating, they also provide a decryption code for restoring the user's files. However, malware experts consider it likely that the author will remove this solution from the full versions of the CyberDrill Ransomware meant for compromising the public, as opposed to the test versions currently available.

Turning Off the Drilling that could Go Too Deep

Depending on its author's adjustments to the CyberDrill Ransomware's Hidden Tear-based encryption feature, any files that the Trojan locks may or may not be decryptable for free. Contact security researchers with experience with the HT family to determine whether any available decryption freeware might be compatible with your media. However, maintaining a robust backup schedule using secure devices also is recommended by malware analysts for keeping your files as safe as possible from any Trojans with similar, data-enciphering capabilities.

Until its threat actor begins distributing a finalized build, the cost of the CyberDrill Ransomware's ransom and how it plans to distribute itself remain theoretical. Malware analysts often find that business entities compromise themselves through employees opening email attachments or using unsafe passwords, while recreational PCs are more likely to suffer an infection through downloading illicit media. Most anti-malware programs that traditionally have optimal detection rates for Hidden Tear also should delete the CyberDrill Ransomware safely, either before it can attack or after it's already infecting your computer.

Since the con artists are unlikely to find any easier-to-use sources of encryption-based harmful code, Hidden Tear relatives like the CyberDrill Ransomware are going to continue appearing. Those who might be under attack can best protect themselves and their data by not putting all their valuables in one, easily assailable place.
