
Cyborg Ransomware

Posted: November 4, 2019

The Cyborg Ransomware is a file-locking Trojan that can block your PC's media. Because most Trojans use secure encryption routines for this purpose, users should avoid unlocking or decryptor-based solutions to its attacks and keep backups of their work instead. Anti-malware products should also remove the Cyborg Ransomware safely, and safe administrative and browsing practices can cut down on your infection chances.

Russian Criminals Coming after Files and Money

A file-locking Trojan that might get confused with the Petya Ransomware or some versions of the STOP Ransomware's family is beginning its development, with its threat actor testing the Trojan against the detection heuristics of AV companies. Although the Cyborg Ransomware is targeting nothing more than a 'test' folder for locking content, future releases should change this limitation. Further attacks from the Cyborg Ransomware may block its victim's documents, pictures or other media throughout the computer.

The Cyborg Ransomware is a 32-bit Windows program whose executable has a typical size of one megabyte. It includes several features that malware researchers regularly find in other, unrelated Trojans, all of which involve making money off of hampering and bullying the user:

  • The Cyborg Ransomware encrypts files and stops them from opening, and may target some formats more explicitly than others, although it shouldn't damage the operating system.
  • The Cyborg Ransomware appends an extension to the names of these files, currently with the text 'petra.'
  • The Cyborg Ransomware adds a ransom note to the desktop that announces its name and redirects users to its text instructions.
  • Lastly, the text file gives demands for Bitcoin ransoms for a possible unlocking service.

The Cyborg Ransomware communicates in English, but the threat actor is using a Russian e-mail service. This link could be a placeholder or an indicator of the criminal's nation of residence; however, any attacks are unlikely to limit themselves to Russia.

A Windows Service Anyone can Feel Good about Terminating

The Cyborg Ransomware's samples pretend to be a 'Host Process for Windows Services,' which makes for a reasonable disguise in most environments. Although it lacks the more difficult-to-acquire digital certifications, or other forms of authenticity, the name alone might be enough to convince its victims – until their files become unusable. Meanwhile, any decryption hope without paying a risky Bitcoin ransom remains entirely speculative.
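One way to check for this disguise on a running system, as an added example that is not taken from the original write-up or from any vendor's tooling: the PowerShell below lists running processes whose file description reads 'Host Process for Windows Services' but whose executable is not the Microsoft-signed svchost.exe in the Windows system directories. It assumes the disguise is carried in the executable's version-resource description and an English-language Windows install; the function name is hypothetical.

```powershell
# Added example: find processes that borrow svchost's description.
# Assumption: the disguise lives in the version resource's FileDescription.
# Run elevated so that executable paths of system processes are visible.
function Find-HostProcessMasquerade {
    $claimed = 'Host Process for Windows Services'   # description quoted on this page

    # The only locations where the genuine binary is expected.
    $expected = 'System32\svchost.exe', 'SysWOW64\svchost.exe' |
        ForEach-Object { Join-Path $env:SystemRoot $_ }

    Get-CimInstance -ClassName Win32_Process |
        Where-Object ExecutablePath |
        ForEach-Object {
            $path = $_.ExecutablePath
            $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            if (-not $item) { return }                                # file already gone
            if ($item.VersionInfo.FileDescription -ne $claimed) { return }

            $sig     = Get-AuthenticodeSignature -LiteralPath $path
            $reasons = @()

            # -notcontains compares case-insensitively, matching Windows paths.
            if ($expected -notcontains $path) { $reasons += 'unexpected location' }

            if ($sig.Status -ne 'Valid') {
                $reasons += "signature status: $($sig.Status)"
            }
            elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
                $reasons += 'signer is not Microsoft'
            }

            if ($reasons) {
                [pscustomobject]@{
                    ProcessId = $_.ProcessId
                    Path      = $path
                    Reasons   = $reasons -join '; '
                }
            }
        }
}

Find-HostProcessMasquerade | Format-Table -AutoSize -Wrap
```

An empty result means every running process with that description is the signed system binary; it says nothing about copies on disk that are not currently running.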

Malware researchers would recommend responding to the Cyborg Ransomware as if it's a fully-functional threat, just like Hidden Tear or the Jigsaw Ransomware. You can protect your PC by disabling your browser's Flash and JavaScript, installing security fixes, scanning downloads from sources such as e-mail, and avoiding unsafe network practices like reusing crackable passwords.

Since the Cyborg Ransomware hasn't been confirmed to erase the Shadow Volume Copies, recovery via the Restore Points could be possible. Remote backups remain the best solution to file-locking Trojans' attacks.

Like its semi-robotic namesake, the Cyborg Ransomware uses technology for inglorious and violent ends. However, anyone can turn the tables by using their computers responsibly and making a point of storing their files with all proper care.
