Cyber SpLiTTer Vbs ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware
12

The latest news about Cyber SpLiTTer Vbs virus

Cyber SpLiTTer Vbs virus appeared in September 2016, but it did not succeed. Malware does not behave like an ordinary ransomware[1] virus. It does not encrypt files on the attacked computer and only delivers a lock screen. However, it seems that the first failure was a motivation for the hackers to learn from the mistakes and updated the virus. A few months later, malware researchers spotted CyberSplitter 2.0 ransomware that can actually encrypt files using strong encryption algorithm. However, it is not the only one attempt to update Cyber SpLiTTer Vbs ransomware. On February 2017, malware researchers have noticed two new variants of the virus. The one version pretends to be from the FBI and delivers a fake message that victim’s computer has been locked. Another variant is known under Blue Eagle name and informs people that their computer has been hacked. It seems that hackers try their best to finally create a powerful cyber threat and swindle as much money as possible[2] from the computer users. However, we highly recommend not paying the ransom and concentrating on Cyber SpLiTTer Vbs removal. It doesn’t matter which variant has attacked your machine, install reputable antivirus program or malware removal tool and run a full system scan. If you need advice, choose Reimage for ransomware removal.

As we mentioned at the beginning, SpLiTTer Vbs virus does not behave as typical ransomware. It does not encrypt targeted files; it only delivers a lock screen. What is interesting that Cyber SpLiTTer Vbs ransomware tries to copy the techniques of infamous Cerber virus[3]. For example, after the attack, the virus plays an audio message saying “your pictures, videos, and databases have been encrypted.” Apart from hearing the scary message, victims also see the lock screen message informing about encrypted files and demanding 1 Bitcoin for data decryption:

Your files have been encrypted
Send $ 1 BTC amount of the account is decrypted your files
“Cyber SpLiTTer Vbs”
Send to Account Bitcoin ->

As you can see, crooks are not very educated, and the information on the ransomware lock screen is full of mistakes. However, the virus is not precisely developed, and it seems that its authors are low-level programmers who haven’t mastered software development skills well enough to create a code that could corrupt victim’s files. Obviously, you should not pay the ransom because your data is free – you just need to remove Cyber SpLiTTer Vbs ransomware from the system.

Variants of Cyber SpLiTTer Vbs ransomware

CyberSplitter 2.0 ransomware. Developers updated the virus, and now it can actually encrypt targeted files. After infiltration, malware encrypts files using AES and RSA encryption algorithms and appends .cyber splitter vbs file extension. Following data encryption malware also leaves a ransom note called Read_Me.txt which includes all necessary information about date decryption. Developers of the ransomware also demand 1 Bitcoins for data recovery. What is more, the second version of the Cyber SpLiTTer Vbs virus also plays the same audio file scare and convince victims to pay the ransom.

Your Computer Has Been Locked. On February 2017 malware researchers noticed a new version of the virus that pretends to be from FBI. Malware delivers a lock screen that informs that attacked computer was suspended because its owner visited pornographic websites, violate the intellectual property right, published malware or commit other crimes. The lock screen also includes what punishment victim can expect if he or she won’t pay the ransom of 0,5 Bitcoin.

Blue Eagle Ransomware. On February 2017, another variant of Cyber SpLiTTer Vbs ransomware has been noticed attacking home computer users and informing that their files have been Crypted by Saher Blue Eagle. Malware appends the .blueeagle file extension to the targeted data and demands to pay 0,5 Bitcoins for the decryption.

How does ransomware spread?

Ransomware is a computer pest that is mainly distributed using Trojan horse[4] technique. It means that cyber criminals create a file that looks entirely safe and inject malicious codes into it. Such file can be a document, PDF file, archive, or a different type of file as well. The most popular way to deceive victims is to send a phony email message[5] to them, stating that relevant files have been attached to the letter, and the victim must open them to see the information they provide. Of course, once the victim opens such malicious attachments, malware roots into the system and wreaks havoc there. Be careful because criminals can pretend that they are sending invoices, speeding tickets, health test results, and the like. It is highly recommended to delete emails that come from unknown senders; besides, it is also advisable to keep all your software up-to-date and protect the system with anti-malware software because there are numerous other malware distribution techniques that crooks use.

The safe way to Cyber SpLiTTer Vbs virus from the computer

If you have been attacked by Cyber SpLiTTer Vbs virus, you will need to clean the computer using anti-malware software such Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus. Firstly, you will have to reboot the PC into Safe Mode and download anti-malware tool (if you do not have one yet). If you have never attempted to start your PC in such mode, please follow Cyber SpLiTTer Vbs removal instructions provided below this post. When you remove Cyber SpLiTTer Vbs ransomware, do not forget to take security measurements and protect your data in advance – back up most important files and move them to a safe removable storage drive so that you can use it in the future. It is the most efficient way to protect your important files because typically when a really powerful ransomware attacks the computer, data cannot be restored in any way.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Cyber SpLiTTer Vbs ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Cyber SpLiTTer Vbs ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual Cyber SpLiTTer Vbs virus Removal Guide:

Remove Cyber SpLiTTer Vbs using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

Ransomware might be resistant and prevent you from installing or accessing malware removal software. To solve this issue, you have to reboot your PC to the Safe Mode.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Cyber SpLiTTer Vbs

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Cyber SpLiTTer Vbs removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Cyber SpLiTTer Vbs using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

Some ransomware viruses might be a challenge to remove automatically. If you cannot run a full system scan, follow these steps to reboot your computer and try again.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Cyber SpLiTTer Vbs. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Cyber SpLiTTer Vbs removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Cyber SpLiTTer Vbs from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Cyber SpLiTTer Vbs, you can use several methods to restore them:

Recover files encrypted by Cyber SpLiTTer Vbs virus with a help of Data Recovery Pro

Data Recovery Pro is a professional tool that helps to recover damaged, deleted and some of the encrypted files. Bear in mind that it’s not a Cyber SpLiTTer Vbs decrypter.

Recover files encrypted by Cyber SpLiTTer Vbs ransomware with a help of Windows Previous Versions feature

This method allows restoring individual files if System Restore function has been enabled before ransomware attack. Otherwise, this method does not work for you.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Recover files encrypted by Cyber SpLiTTer Vbs malware with a help of ShadowExplorer

If Cyber SpLiTTer Vbs virus failed to delete Shadow Volume Copies of the targeted files, you could consider yourself lucky. ShadowExplorer can help you to recover encrypted files.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Cyber SpLiTTer Vbs and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

References


  • vetandie

    this ransomware is New Is not Published Is Not Fake

    • Marco

      Well, typically ransomware viruses encrypt files and this one doesnt – and it says that “your files are encrypted” whereas it does not encrypt them. So I guess this virus is kinda fake. Of course, it might be updated and become a crypto-ransomware – that is likely to happen.

    • Irina

      If its not published how the hell did I get infected with it???

  • Ali

    Thanks for sharing the news!

  • adams

    this ransomwareis not fake is crypteing files

    • jouei

      there are a couple of versions of cyber splitter ransomware. an updated version does encrypt files, yes