CyberDrill Ransomware Remove and Decrypt .locked Files - How to, Technology and PC Security Forum | SensorsTechForum.com

CyberDrill Ransomware Remove and Decrypt .locked Files

This article will help you remove the CyberDrill ransomware and try to restore files that it has encrypted and marked with an added .locked file extension.
A ransomware virus named CyberDrill, also reported to be known as Ransomuhahawhere, has been the cause of multiple reports from infected victims in January 2017. The virus uses the .locked file extension, which it adds to the files it encodes. CyberDrill then drops a folder named “cyberdrill” and a text file named READ_IT.txt. This file also contains a decryption key that is 15 bytes in size. If you have become a victim of the CyberDrill virus, read this article thoroughly to become familiar with it and learn how to remove it and get your data back.

Threat Summary

Name: CyberDrill
Type: Ransomware
Short Description: Encrypts the files on the compromised computers, but does not have a BitCoin address for payment.
Symptoms: The user may witness a ransom note, named READ_IT.txt, with the decryption key written in it. No contact information for file decryption.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.

CyberDrill Ransomware – How Does It Infect

The primary belief is that this virus spreads with the assistance of e-mail spamming software. Such software may contain a combination of:

  • Pre-set e-mails that are pre-written with a deceptive message, for example a false alert that the user has purchased something online.
  • Spamming software that aims to utilize a database of fake (disposable) e-mails that are not blocked by e-mail vendors.
  • A set of malicious files that may be used for the infection. The files may be in many formats, ranging from documents with malicious macros to the following file types: 'js', 'jse', 'html', 'htm', 'scr', 'sh', 'bat', 'jsx', 'cmd', 'vb', 'vbs', 'vbe', 'ws', 'wsf', 'wsc', 'wsh', 'ps1', 'ps1xml', 'ps2', 'ps2xml', 'psc1', 'psc2', 'msh', 'msh1', 'msh2', 'mshxml', 'msh1xml', 'msh2xml', 'scf', 'lnk', 'inf', 'reg', 'pif', 'hta', 'cpl', 'jar', 'class', 'exe', 'application', 'gadget', 'msi', 'msp', 'com', 'msc', 'sys', 'shs', 'wmf', 'chm', 'wmf', 'ozd', 'ocx', 'aru', 'xtbl', 'bin', 'exe1', '386', 'dev', 'xnxx', 'vexe', 'tps', 'pgm', 'php3', 'hlp', 'vxd', 'buk', 'dxz', 'rsc_tmp', 'sop', 'wlpginstall', 'boo', 'bkd', 'tsa', 'cla', 'cih', 'kcd', 's7p', 'smm', 'osa', 'exe_renamed', 'smtp', 'dom', 'vbx', 'hlw', 'dyz', 'rhk', 'fag', 'qrn', 'fnr', 'dlb', 'mfu', 'xir', 'lik', 'ctbl', 'dyv', 'bll', 'bxz', 'mjz', 'mjg', 'dli', 'fjl', 'ska', 'dllx', 'tti', 'upa', 'txs', 'wsh', 'uzy', 'cfxxe', 'xdu', 'bup', 'spam', 'nls', 'iws', 'ezt', 'oar', '.9', 'blf', 'cxq', 'cxq', 'cc', 'dbd', 'xlv', 'rna', 'tko', 'delf', 'ceo', 'bhx', 'atm', 'lkh', 'vzr', 'ce0', 'bps', 'pid', 'hsq', 'zvz', 'bmw', 'fuj', 'ssy', 'hts', 'qit', 'aepl', 'dx', 'lok', 'plc', 'mcq', 'cyw', 'let', 'bqf', 'iva', 'xnt', 'pr', 'lpaq5', 'capxml'

Another method of infection that could be used, according to reports by malware researchers, is fake Adobe Flash Player installers. Such installers usually appear as pop-ups when visiting dubious websites without the required anti-malware protection. Another means of getting such fake updates is having a potentially unwanted program (PUP) installed on your computer.

CyberDrill Ransomware – More Information

As soon as the malicious file of CyberDrill ransomware is opened on your computer, the virus begins to encrypt files. For the encryption process, the malware scans for the following file types:

→ .asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml

The files are then rendered unopenable, with the .locked file extension added to them. They appear like the following:

Then, the ransomware generates a text file which has the decryption key embedded in it:

In addition to this, the virus also connects to remote locations to download malicious files as well as to communicate. The locations are reportedly the following:

Remove CyberDrill Ransomware and Restore Encrypted Files

To get rid of this ransomware virus, you should either look for the malicious files and delete them manually, or perform the removal automatically and completely with an advanced anti-malware program. We have created the instructions below for this purpose.

To recover your files, it is important to keep the decryption key in the text file and the encrypted files with you at all times. Soon a decrypter corresponding to this ransomware will be updated and we will post a link in this article, so make sure to check it regularly.
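
An added example, not from the original article or from any vendor tool: a read-only Python inventory of the artifacts described above (.locked files, READ_IT.txt, a “cyberdrill” folder), with sizes and SHA-256 hashes, so the key file and the encrypted files can be preserved before any cleanup. It assumes .locked is appended after the original extension (for example report.docx.locked) and matches names case-insensitively; the function names are illustrative.

```python
import hashlib
import os
import sys
from pathlib import Path

# File types the article says CyberDrill scans for.
TARGETED = {".asp", ".aspx", ".csv", ".doc", ".docx", ".html", ".jpg", ".mdb",
            ".odt", ".pdf", ".php", ".png", ".ppt", ".pptx", ".psd", ".sln",
            ".sql", ".txt", ".xls", ".xlsx", ".xml"}
NOTE_NAME = "read_it.txt"   # ransom note name from the article (lower-cased)
DROP_FOLDER = "cyberdrill"  # dropped folder name from the article

def sha256_of(path):
    """Hash a file in chunks so large encrypted files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root):
    """Walk root read-only and sort what is found into the article's artifacts."""
    report = {"notes": [], "locked": [], "other_locked": [], "folders": []}
    for dirpath, dirnames, filenames in os.walk(root):
        report["folders"] += [Path(dirpath) / d for d in dirnames
                              if d.lower() == DROP_FOLDER]
        for name in filenames:
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(Path(dirpath) / name)
            elif lower.endswith(".locked"):
                # Assumption: "report.docx.locked" keeps the inner ".docx".
                inner = Path(lower[:-len(".locked")]).suffix
                kind = "locked" if inner in TARGETED else "other_locked"
                report[kind].append(Path(dirpath) / name)
    return report

def manifest(report):
    """Rows (kind, path, size, sha256) for every file worth preserving."""
    return [(kind, str(p), p.stat().st_size, sha256_of(p))
            for kind in ("notes", "locked", "other_locked")
            for p in sorted(report[kind])]

if __name__ == "__main__":
    found = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for row in manifest(found):
        print("\t".join(str(col) for col in row))
    for folder in found["folders"]:
        print("folder\t%s" % folder)
```

Run it against a user profile or a mounted copy of the disk and store the output away from the affected machine; files listed as other_locked carry the extension but not one of the listed inner types and deserve a manual look.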

To remove CyberDrill, follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove CyberDrill files and objects
2. Find files created by CyberDrill on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by CyberDrill

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
