CyberDrill Ransomware Remove and Decrypt .locked Files - How to, Technology and PC Security Forum |

CyberDrill Ransomware Remove and Decrypt .locked Files

This article will help you remove CyberDrill ransomware and to try and restore your files encrypted with an added .locked file extension.
A ransomware virus, named CyberDrill, also reported to be known as Ransomuhahawhere has been the reason for multiple reports of victims infected in January 2017. The virus uses the .locked file extension which It adds to the files it encodes. Then, CyberDrill ransomware drops a folder, named “cyberdrill” and a text file, named READ_IT.txt. This file also contains a decryption key which is 15 bytes in size. In case you have become a victim of the CyberDrill virus, read this article thoroughly to become familiar with this virus and learn how to get your data back and remove it.

Threat Summary



Short DescriptionEncrypts the files on the compromised computers, but does not have a BitCoin address for payment.
SymptomsThe user may witness a ransom note, named READ_IT.txt with the decryption key written in it. No contact information for file decryption.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by CyberDrill


Malware Removal Tool

User ExperienceJoin our forum to Discuss CyberDrill.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

CyberDrill Ransomware – How Does It Infect

The primary belief is that this virus can spread with the assistance of e-mail spamming software. Such software may contain a combination of:

  • Pre-set e-mails that are pre-written with deceptive message, like a false alarm the user has purchased something online, for example.
  • Spamming software that aims to utilize a database of fake(disposable) e-mails that are not blocked by e-mail vendors.
  • Set of malicious files that may be used for the infection. The files may be many formats, ranging from documents with malicious macros to the following file types – ‘js’,’jse’,’html’,’htm’,’scr’,’sh’,’bat’,’jsx’,’cmd’,
  • Another method of infection that could be used according to reports by malware researchers is fake Adobe Flash Player installers. Usually such installers may appear as pop-ups by visiting dubious websites without the required anti-malware protection. Another mean of getting such fake updates is via having a potentially unwanted program (PUP) installed on your computer.

    CyberDrill Ransomware – More Information

    As soon as the malicious file by CyberDrill ransomware is opened on your computer, the virus begins to encrypt files. For the encryption process, the malware scans for the following file types:

    → .asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml

    The files are then rendered un-openable with an added .locked file extension to them. They appear like the following:

    Then, the ransomware generates a text file which has the decryption key embedded in it:

    In addition to this, the virus also connects to remote locations to download malicious files as well as communicate. The locations are reportedly the following:

    Remove CyberDrill Ransomware and Restore Encrypted Files

    In order to get rid of this ransomware virus from your computer, you should look for the malicious files and delete them or perform the removal automatically and completely with an advanced anti-malware program. For this to happen, we have created instructions below.

    To recover your files, it is important to keep the decryption key in the text file and the encrypted files with you at all times. Soon a decrypter corresponding to this ransomware will be updated and we will post a link on this article, so make sure to follow it regularly.

    Manually delete CyberDrill from your computer

    Note! Substantial notification about the CyberDrill threat: Manual removal of CyberDrill requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

    1. Boot Your PC In Safe Mode to isolate and remove CyberDrill files and objects
    2.Find malicious files created by CyberDrill on your PC

    Automatically remove CyberDrill by downloading an advanced anti-malware program

    1. Remove CyberDrill with SpyHunter Anti-Malware Tool and back up your data
    Optional: Using Alternative Anti-Malware Tools

    Vencislav Krustev

    A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

    More Posts - Website

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    Time limit is exhausted. Please reload CAPTCHA.

    Share on Facebook Share
    Share on Twitter Tweet
    Share on Google Plus Share
    Share on Linkedin Share
    Share on Digg Share
    Share on Reddit Share
    Share on Stumbleupon Share