CyberDrill Ransomware Remove and Decrypt .locked Files

This article will help you remove the CyberDrill ransomware and try to restore files it has encrypted and marked with an added .locked file extension.
A ransomware virus named CyberDrill, also reported to be known as Ransomuhahawhere, has been the reason for multiple reports of victims infected in January 2017. The virus adds the .locked file extension to the files it encodes. CyberDrill ransomware then drops a folder named “cyberdrill” and a text file named READ_IT.txt. This file also contains a decryption key, which is 15 bytes in size. If you have become a victim of the CyberDrill virus, read this article thoroughly to become familiar with it and to learn how to remove it and get your data back.

Threat Summary



Short Description: Encrypts the files on the compromised computers, but does not have a BitCoin address for payment.
Symptoms: The user may witness a ransom note named READ_IT.txt with the decryption key written in it. No contact information for file decryption.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

CyberDrill Ransomware – How Does It Infect

The primary belief is that this virus spreads with the assistance of e-mail spamming software. Such software may contain a combination of:

  • Pre-written e-mails with a deceptive message, for example a false alert that the user has purchased something online.
  • Spamming software that draws on a database of fake (disposable) e-mail addresses that are not blocked by e-mail vendors.
  • A set of malicious files that may be used for the infection. The files may come in many formats, ranging from documents with malicious macros to the following file types: 'js', 'jse', 'html', 'htm', 'scr', 'sh', 'bat', 'jsx', 'cmd'.
  • Another method of infection that could be used, according to reports by malware researchers, is fake Adobe Flash Player installers. Such installers usually appear as pop-ups when you visit dubious websites without the required anti-malware protection. Another way of getting such fake updates is through a potentially unwanted program (PUP) installed on your computer.

CyberDrill Ransomware – More Information

As soon as the malicious file of CyberDrill ransomware is opened on your computer, the virus begins to encrypt files. For the encryption process, the malware scans for the following file types:

→ .asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml

The files are then rendered unopenable, with the .locked file extension added to them. They appear like the following:

Then, the ransomware generates a text file which has the decryption key embedded in it:

In addition to this, the virus also connects to remote locations to download malicious files as well as to communicate. The locations are reportedly the following:


Remove CyberDrill Ransomware and Restore Encrypted Files

To get rid of this ransomware virus, you should either look for the malicious files and delete them, or perform the removal automatically and completely with an advanced anti-malware program. For this purpose, we have created instructions below.

To recover your files, it is important to keep both the decryption key in the text file and the encrypted files with you at all times. Soon a decrypter corresponding to this ransomware will be updated and we will post a link in this article, so make sure to check it regularly.
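To preserve the note and the encrypted files as advised above, and to find what the infection touched, the following read-only triage script inventories the artifacts this article describes (.locked files, READ_IT.txt and the "cyberdrill" folder) with SHA-256 hashes. It is an added example, not code from the article or from any removal tool; the assumption that .locked is appended after the original extension, the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions the article lists as targeted, plus the artifacts it says are dropped.
TARGETED = {".asp", ".aspx", ".csv", ".doc", ".docx", ".html", ".jpg", ".mdb",
            ".odt", ".pdf", ".php", ".png", ".ppt", ".pptx", ".psd", ".sln",
            ".sql", ".txt", ".xls", ".xlsx", ".xml"}
NOTE_NAME, DROP_DIR = "read_it.txt", "cyberdrill"

def sha256_of(path):
    """Hash a file in chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root):
    """Walk root read-only; return (kind, path, sha256) manifest records."""
    manifest = []
    for folder, dirs, files in os.walk(root):
        for d in dirs:
            if d.lower() == DROP_DIR:
                manifest.append(("drop_dir", os.path.join(folder, d), None))
        for name in files:
            path = os.path.join(folder, name)
            stem, ext = os.path.splitext(name.lower())
            if name.lower() == NOTE_NAME:
                manifest.append(("note", path, sha256_of(path)))
            # Assumption: ".locked" is appended after the original extension.
            elif ext == ".locked" and os.path.splitext(stem)[1] in TARGETED:
                manifest.append(("locked", path, sha256_of(path)))
    return sorted(manifest)

def demo():
    """Triage a constructed sample tree; return (kind, file name, hash)."""
    samples = {"report.docx.locked": b"constructed ciphertext",
               "READ_IT.txt": b"constructed note",
               "notes.txt": b"untouched", "app.locked": b"unrelated lock file"}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, DROP_DIR))
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(k, os.path.basename(p), h) for k, p, h in triage(root)]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run `triage()` against a mounted copy or backup of the affected drive and store the manifest off the machine, so the note and encrypted files can be checked for changes before any decrypter is tried.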


    Ventsislav Krastev
