Cyberresearcher ransomware is a devastating virus that threatens to delete all files

Cyberresearcher ransomware is cryptovirus that was discovered by security researchers mid-April 2018 and is based on open-source HiddenTear ransomware. The virus uses AES[1] cipher to encrypt all data and adds .CYBERRESEARCHER extension to each of the files. Users are asked to pay 2.5BTC into a provided wallet address, which is located inside READ_IT.htm file.
| SUMMARY | |
| Name | Cyberresearcher |
|---|---|
| Type | Ransomware |
| Ransom demanded | 2.5 BTC |
| Cipher used | AES cipher |
| Extension | .CYBERRESEARCHER |
| Ransom note | READ_IT.htm |
| Distribution | Spam emails, exploits, repacked or infected installers, etc. |
| Elimination | Automatic elimination using FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes |
Crypto-viruses typically have several stages of the infection process. Firstly, after the malicious file is executed, the payload is released. It modifies various settings inside the system (including registry entries). This allows Cyberresearcher virus to boot up every time the machine is started. Soon after that, the cyber threat locks up all the detected files on the device.
Cyberresearcher ransomware can lock up a variety of files, including .html, .doc, .gif, .jpg, .xlsx, etc. If the file on your computer is called document.doc, it will be turned into document.doc.CYBERRESEARCHER immediately after encryption.
The key which is stored on a remote server by cybercrooks is required to get all the files back. Thus, decrypting data without it becomes practically impossible. The only reliable file recovery procedure is possible from a back-up. Before that, users should undertake Cyberresearcher ransomware removal.
The READ_IT.htm file states the following:
Your files have been encrypted by CYBERRESEARCHER
Send 2.5 Bitcoins to [Bitcoin wallet]
Your files will be deleted permanently if the Bitcoins are not sent in the next 48 hours
Cyberresearcher authors are asking for 2.5 Bitcoins (around $20k currently) to be sent into a specific wallet. However, the e-mail address that should be used to contact hackers is not provided (typically email is given to users so that could receive the key after payment is done). Thus, it is believed that the virus might intentionally delete all files – work as a data wiper.
The required amount is pretty high, so hopefully, users will get discouraged to pay the ransom. Nevertheless, even if the ransom demand would be small, security experts recommend avoiding paying cybercrooks. There is never a guarantee that hackers will provide you with the promised key. Thus, you might end up not only losing your files but also your money.
Additionally, by paying the ransom, you would only encourage crooks to create more viruses and infect more computers with it. Instead of risking your money, remove Cyberresearcher ransomware and then proceed with file recovery. We recommend using robust security software for that, such as FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes.

Distribution methods of file encrypting viruses
There are few different ways the crypto-virus can get into your PC, like through unprotected RDP configuration,[2] infected installers, fake updates, fraudulent downloads, exploits, etc. But the most prevalent distribution method is via spam emails.
Therefore, it is vital to be cautious when opening emails from unknown sources. Typically, email author pretends to be an individual from a high-profile organization (such as Twitter, Amazon) or even from the governmental institution (tax collector or similar).
There are two main red flags for these type of emails:
- the author urges users to open up the attachment or click on a link persuasively
- the attachment asks to enable macro function
DO NOT click on anything and delete such emails. You can view several examples online and learn to recognize phishing emails rather quickly.
Naturally, we also advise users to stay away from torrent, file-sharing, cracked software and similar websites. Cybercrooks often inject their malicious payloads into installers and spread them using uncontrolled sites.
Remove Cyberresearcher ransomware from your computer
Security researchers from udenvirus.dk[3] recommend users to stay away from manual Cyberresearcher ransomware removal. The procedure is too complicated for regular users and might result in permanent system file damage.
Therefore, you should trust reputable security software like FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. These programs are designed to remove Cyberresearcher virus easily. However, do not forget that crypto-virus might block normal operation o anti-virus program. Thus, reboot your PC in a safe mode with networking.
Was this guide helpful?
Be the first to comment