Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Apr 2018

How to remove Cyberresearcher ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Jake Doevan · Computer technology expert

Cyberresearcher ransomware is a devastating virus that threatens to delete all files

Cyberresearcher ransomware

Cyberresearcher ransomware is cryptovirus that was discovered by security researchers mid-April 2018 and is based on open-source HiddenTear ransomware. The virus uses AES[1] cipher to encrypt all data and adds .CYBERRESEARCHER extension to each of the files. Users are asked to pay 2.5BTC into a provided wallet address, which is located inside READ_IT.htm file.

SUMMARY
Name Cyberresearcher
Type Ransomware
Ransom demanded 2.5 BTC
Cipher used AES cipher
Extension .CYBERRESEARCHER
Ransom note  READ_IT.htm
Distribution Spam emails, exploits, repacked or infected installers, etc.
Elimination Automatic elimination using FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes

Crypto-viruses typically have several stages of the infection process. Firstly, after the malicious file is executed, the payload is released. It modifies various settings inside the system (including registry entries). This allows Cyberresearcher virus to boot up every time the machine is started. Soon after that, the cyber threat locks up all the detected files on the device.

Cyberresearcher ransomware can lock up a variety of files, including .html, .doc, .gif, .jpg, .xlsx, etc. If the file on your computer is called document.doc, it will be turned into document.doc.CYBERRESEARCHER immediately after encryption.

The key which is stored on a remote server by cybercrooks is required to get all the files back. Thus, decrypting data without it becomes practically impossible. The only reliable file recovery procedure is possible from a back-up. Before that, users should undertake Cyberresearcher ransomware removal.

The READ_IT.htm file states the following:

Your files have been encrypted by CYBERRESEARCHER
Send 2.5 Bitcoins to [Bitcoin wallet]
Your files will be deleted permanently if the Bitcoins are not sent in the next 48 hours

Cyberresearcher authors are asking for 2.5 Bitcoins (around $20k currently) to be sent into a specific wallet. However, the e-mail address that should be used to contact hackers is not provided (typically email is given to users so that could receive the key after payment is done). Thus, it is believed that the virus might intentionally delete all files – work as a data wiper.

The required amount is pretty high, so hopefully, users will get discouraged to pay the ransom. Nevertheless, even if the ransom demand would be small, security experts recommend avoiding paying cybercrooks. There is never a guarantee that hackers will provide you with the promised key. Thus, you might end up not only losing your files but also your money.

Additionally, by paying the ransom, you would only encourage crooks to create more viruses and infect more computers with it. Instead of risking your money, remove Cyberresearcher ransomware and then proceed with file recovery. We recommend using robust security software for that, such as FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes.

Cyberresearcher crypto-virus 

Distribution methods of file encrypting viruses

There are few different ways the crypto-virus can get into your PC, like through unprotected RDP configuration,[2] infected installers, fake updates, fraudulent downloads, exploits, etc. But the most prevalent distribution method is via spam emails.

Therefore, it is vital to be cautious when opening emails from unknown sources. Typically, email author pretends to be an individual from a high-profile organization (such as Twitter, Amazon) or even from the governmental institution (tax collector or similar).

There are two main red flags for these type of emails:

  1. the author urges users to open up the attachment or click on a link persuasively
  2. the attachment asks to enable macro function

DO NOT click on anything and delete such emails. You can view several examples online and learn to recognize phishing emails rather quickly.

Naturally, we also advise users to stay away from torrent, file-sharing, cracked software and similar websites. Cybercrooks often inject their malicious payloads into installers and spread them using uncontrolled sites.

Remove Cyberresearcher ransomware from your computer

Security researchers from udenvirus.dk[3] recommend users to stay away from manual Cyberresearcher ransomware removal. The procedure is too complicated for regular users and might result in permanent system file damage.

Therefore, you should trust reputable security software like FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. These programs are designed to remove Cyberresearcher virus easily. However, do not forget that crypto-virus might block normal operation o anti-virus program. Thus, reboot your PC in a safe mode with networking.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.