
Cyberresearcher Ransomware

Posted: April 13, 2018

The Cyberresearcher Ransomware is a variation of Hidden Tear, a Trojan that can lock your files with AES encryption. This Trojan's attacks can keep you from opening documents and other typical forms of recreational and workplace media, and may remove any local backups. Appropriate backup security and anti-malware programs for deleting Cyberresearcher Ransomware infections are the defenses that malware analysts recommend most.

Hidden Tear Gets Back into 'Research'

A threat actor is taking an unusual tack for hiding the identity of his Trojan: pretending that it's a research project. While this metadata obfuscation has yet to confuse any AV vendors, casual PC users may fail to identify the Cyberresearcher Ransomware as a threat until it locks their files. Even more confusingly, the Trojan's author built the file-locking program on code that was meant for nothing more than research and education: Utku Sen's Hidden Tear.

The Cyberresearcher Ransomware variant of Hidden Tear remains small, with an executable size of just over two hundred kilobytes. Its associated file data includes numerous references to the string 'Cyberresearcher,' as does its HTML-based ransom note. Despite this attempt to confuse its identity, most anti-malware products correctly detect the Cyberresearcher Ransomware as threatening, although malware experts find only several of them correctly labeling it as a Hidden Tear re-release.

The Cyberresearcher Ransomware locks the user's files with an AES encryption routine, and, through this attack, it can block content that includes documents, pictures, and other media that the Windows OS doesn't require for running. Once it does so, the Cyberresearcher Ransomware also creates a local Web page demanding two and a half Bitcoins for unlocking your files. Note that this fee is equal to twenty thousand dollars, which makes the decryption service incredibly expensive, especially relative to the security of the Trojan.
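The indicators described in the two paragraphs above (a roughly 200 KB executable that repeats the string 'Cyberresearcher' in its file data, plus an HTML ransom note that demands Bitcoin) can be turned into a simple triage check. The following is an added example, not code from this write-up or from any anti-malware vendor; the size band, the minimum hit count and the sample bytes are constructed assumptions, and it is a heuristic for sorting samples, not a replacement for an anti-malware product.

```python
import re

# Indicator string named in the write-up. Hidden Tear is a .NET program, so the
# same string may be stored as UTF-16LE inside the binary; check both encodings.
MARKER = b"Cyberresearcher"
MARKER_UTF16 = MARKER.decode("ascii").encode("utf-16-le")

# Assumed band around "just over two hundred kilobytes" (150 KB to 300 KB).
SIZE_MIN, SIZE_MAX = 150 * 1024, 300 * 1024
MIN_HITS = 3  # assumed: "numerous references" means at least a few occurrences


def is_pe(data: bytes) -> bool:
    """Cheap PE check: Windows executables start with the 'MZ' DOS header."""
    return data[:2] == b"MZ"


def count_marker(data: bytes) -> int:
    """Count marker occurrences in ASCII and in UTF-16LE."""
    return data.count(MARKER) + data.count(MARKER_UTF16)


def triage_sample(data: bytes) -> dict:
    """Flag a file when all three indicators from the write-up line up."""
    hits = count_marker(data)
    in_band = SIZE_MIN <= len(data) <= SIZE_MAX
    pe = is_pe(data)
    return {"pe": pe, "marker_hits": hits, "size_in_band": in_band,
            "suspicious": pe and hits >= MIN_HITS and in_band}


def looks_like_ransom_note(html: str) -> bool:
    """Match an HTML note that names 'Cyberresearcher' and asks for Bitcoin."""
    lower = html.lower()
    return ("cyberresearcher" in lower and "bitcoin" in lower
            and re.search(r"decrypt|unlock", lower) is not None)


# Constructed sample: a fake 'MZ' header, padding to land in the size band,
# three UTF-16LE copies and one ASCII copy of the marker. Not a real binary.
SAMPLE = b"MZ" + b"\x00" * (205 * 1024) + MARKER_UTF16 * 3 + MARKER

# Constructed note text modelled on the demand described above (2.5 BTC).
NOTE = ("<html><body><h1>Cyberresearcher</h1><p>Your files are encrypted. "
        "Send 2.5 Bitcoin to decrypt them.</p></body></html>")

if __name__ == "__main__":
    print(triage_sample(SAMPLE))          # suspicious: True, marker_hits: 4
    print(looks_like_ransom_note(NOTE))   # True
```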

Keeping the Con Artists from Researching Your Files

With the sub-optimal hard-coding of its configuration options, its lazy attempt at disguising its goals as legitimate software, and, apparently, no research done into its extortion demands, the Cyberresearcher Ransomware has all the signs of being an amateur threat actor's work. Hidden Tear variants, including not just this Trojan but also ones as different as the BrainLag Ransomware, the Explorer Ransomware, and the very recent Horros Ransomware, usually are compatible with free decryption software that can unlock your files without paying a ransom.

Other information available to malware researchers implies that the Cyberresearcher Ransomware may circulate as a fake 'Virus Scan' download, which could reach users via corrupted advertisements or a dedicated website, such as a free gaming domain. Having your anti-malware tools analyze downloads before opening them can identify threats like the Cyberresearcher Ransomware immediately. Most of these products also should delete the Cyberresearcher Ransomware without giving it a chance to lock any media.

The con artists are as interested in tricking the anti-malware industry as they are their direct victims, even if their tactics are no more complicated than using inaccurate metadata. Ideally, most new members of Hidden Tear's collective will be as simple as the Cyberresearcher Ransomware.
