Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


.cancer File Virus (Restore Files)

Article, created to help you remove Cancer Ransomware and restore files encrypted with an added .cancer file extension to them.

A ransomware virus, named Cancer ransomware has been reported to cause an immense amount of trouble to computers it infects. This virus is from the file-encrypting type, meaning that it renders the files on the computers infected by it no longer able to be opened. The file extension .cancer Is added to the encrypted files and the virus is spread all over the world at this point, according to researchers. In case you are amongst the victims of Cancer ransomware, we recommend reading the following article to remove Cancer ransomware and try to get your files back.

Threat Summary

Name

Cancer

TypeRansomware
Short DescriptionThe malware does not encrypt but scrambles folders and changes many different settings on the infected computer.
SymptomsThe user may witness ransom notes and does not have any instructions. Changed file names and the file-extension .cancer has been used.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by Cancer

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss Cancer.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Cancer Ransomware – How Does It Infect

The virus is most likely distributed via one of the following methods:

E-mail spam messages sent out to victims in different forms, such as fake invoice pretending the user has accidentally bought something.

Fake updates forced by suspicious websites. Usually the updates may pretend that they are legitimate patches for Java or Adobe’s Flash Player. In some cases even the browser is automatically detected and fake update is sent to the user via malvertising

Via potentially unwanted programs that aim to perform multiple modifications on web browsers. Such software may not only display advertisements but also install malware along it.

Cancer Ransomware – Post Infection

The virus is very specific when it comes to infection. After a malicious infection has been opened by the victim, the virus begins to create multiple files on the computer. The files have random names and are all executable files, for example:

  • {random name}.exe
  • CANCER~{random}.exe
  • {random}~cancer.png

After creating those files the virus may also establish connection with a remote host on 162.218.48.104:80 in the United States.

This may result in the hackers are able to send custom executable and receive information from the infected computer, such as:

  • IP address.
  • Location.
  • Operating system.
  • System information.
  • Configuration information.
  • Software installed.

For the encryption process, the Cancer virus may attack often used files, such as videos, documents, photos, database files and other files associated with programs that are used very often. Amongst the file types that are encrypted may be:

→ “PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”Source:fileinfo.com

After the encryption takes place, the files and folders can no longer be opened with any software. They are carrying the .cancer file extension added to them. Also adds the VirusTotal.com icon on the encrypted files.

The Cancer virus also changes the wallpaper to a very vulgar one:

Remove Cancer Ransomware and Restore .cancer Encrypted Files

The ransomware virus, named Cancer can be removed if you follow the removal instructions below. They are specifically designed to help users with experience remove the virus manually or beginner users to perform the removal automatically. For maximum results, malware researchers strongly advise victims of Cancer ransomware to download and install an advanced anti-malware program which will be able to take care of the removal of this ransomware virus automatically.

In addition to this, if you want to restore files encrypted by this virus on your computer, we recommend following step “2. Restore files encrypted by Cancer” below. They are not fully effective, but they may help you restore at least a portion of your data.

Manually delete Cancer from your computer

Note! Substantial notification about the Cancer threat: Manual removal of Cancer requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Cancer files and objects
2.Find malicious files created by Cancer on your PC

Automatically remove Cancer by downloading an advanced anti-malware program

1. Remove Cancer with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Cancer
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

  • Jairo Andres Moreno Ciro

    Buen hombre cual es el sha 256 de este randsomware

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.