CypherPy Ransomware

There is a new threat on the radar, and it is called Cypher Ransomware. This malicious file encryptor, according to our research, has just started spreading, and, hopefully, Windows users still have time to take the security measures that are needed to keep this malware away. When it invades, it immediately encrypts the files on the targeted system. Though the infection does not corrupt system files, it can easily find and corrupt photos, documents, and all other “personal” files that you cannot replace. If you are prepared to face ransomware, your files are already backed up outside your operating system, and the potential loss of the original copies does not scare you. And what if you do not have backups? If that is the case, it is most likely that your files are lost. While free file decryptors exist, they are not equipped to crack the algorithms used by malicious ransomware. In some cases, malware researchers manage to build decryptors, but this does not seem to be the case. All in all, even if you end up losing your private files, you need to remove Cypher Ransomware. The sooner you delete this malicious threat, the better.

Our research team is still gathering information on the distribution of the malicious Cypher Ransomware. It is very likely that this infection is spread using corrupted spam emails. This is the preferred method of distribution of many other similar threats, including Russenger Ransomware, Saturn Ransomware, and Team Anonymous Brazil Ransomware. When the infection finally slithers in, it immediately goes after your files, and once they are encrypted, the “.cypher” extension is appended to all of their names. It is easy to spot which files were corrupted by checking for this specific extension. Every folder containing the corrupted files might also contain the ransom note files. If they are not copied to every folder, they should be created somewhere where you should find them easily (e.g., on the Desktop). The first of these files is “HOW_TO_DECRYPT_FILES.html,” and, according to our research team, it should contain a link to u4hp32ms2u6s4x7q.onion.casa/decrypt. Though the site is down at the moment, it is most likely set up to introduce victims to the ransom demands. The second ransom note file is called “readme_decrypt.txt,” and you need to delete it along with the .HTML file, as well as the executable of Cypher Ransomware.

The message within the “readme_decrypt.txt” file, allegedly, informs that the victim needs to pay a ransom of 1 Bitcoin (~10,500 USD) and then email cyber criminals at ransomwaredecrypt@gmail.com to get the personal files decrypted. If you find yourself in a situation where this appears to be the only option you have, do not rush to pay the ransom. First of all, it is huge, and it is questionable whether your personal files are even worth it. If they are, and if you have the money to spare, take note that cyber criminals are not known for keeping their promises, and so even if you are promised a decryptor, the chances are that your files would stay encrypted even if you paid the ransom. As discussed already, there is no tool that could help with the decryption of files, and while deleting Cypher Ransomware is important, this action cannot help with the decryption. Basically, you can recover files only if backup copies exist.

Right now, you need to decide whether you want to delete Cypher Ransomware manually and also take care of your system’s protection hereafter yourself. Needless to say, protecting your operating system against malware can be extremely difficult, and it is not recommended that you take matters into your own hands. Instead, it is recommended that you install anti-malware software that is designed to keep your system free from malware. It can also automatically erase the threats that are already active on your operating system. So, if you install it, you will have Cypher Ransomware removed automatically. If other threats exist, they will be erased as well. Our research team is ready to answer all questions regarding the ransomware and the protection against malicious infection. If you have questions, feel free to use the comments section below to communicate with us and start discussions.

Cypher Ransomware Removal

1. Delete all recently downloaded suspicious files.
2. Delete the ransom note files, HOW_TO_DECRYPT_FILES.html and readme_decrypt.txt.
3. Right-click the recycle bin icon and choose Empty Recycle Bin.
4. Install a trusted malware scanner to determine whether or not your operating system is clean.

N.B. If you cannot find and remove the launcher of the ransomware yourself, install a legitimate anti-malware program ASAP to erase the threat automatically.