CyberDrill Ransomware

CyberDrill is another piece of ransomware that was created using the open source ransomware Hidden Tear. Ransomware has become accessible to everyone interested in malware scripting after the release of Hidden Tear, which was presented as a tool for educating and enlightening people about ransomware. The CyberDrill ransomware is one of the latest strains that can cause you some problems even though the functionalities of the infection are restricted because of coding. Once spotted on the computer, the infection should be removed. Moreover, some preventative measures should be also taken to avert future malware attacks.

Hidden Tear is unique in its fixed features, which means that even though Hidden Tear-based threats varies in their purposes, they have common features. For instance, the CyberDrill ransomware uses AES encryption, which is one of the simplest types of encryption used by a variety of institutions and entities to store and protect valuable data. Another feature of the CyberDrill ransomware, which is also a feature of Hidden Tear, is that the infection is capable of encrypting files located only in the Test folder on the Desktop. Interestingly, the threat in question is coded to encrypt only image files in the PNG and JPG formats. As soon as the files are encrypted, their extensions are modified by adding the additional extension .cyberdrill.

Similarly to the vast majority of the infections, including Hidden Tear-based, the CyberDrill ransomware creates a .txt file (named READ_IT) containing a ransom message aimed at prodding the used into paying a ransom. Here it is important not to worry, because the infection does not affect your files, so there is no need to bother yourself about their decryption. Even if ransomware encrypts your files, you should not follow the attackers requirement to pay up. Security experts and law enforcement strongly recommend disregarding the demand for the ransom, because it is highly possible that nobody would bother to provide you with a chance to restore your data back to normal. Moreover, the sum required is 30 Bitcoins, which is an extremely considerable sum of money for file decryption. You should think carefully whether you would afford this big a release sum in case the ransomware threat were indeed capable of compromising your files.

Even though the CyberDrill ransomware appears to be not fully programmed to successfully identify and encrypt hundreds of file types that can be found on a PC, the infection has an added functionality to carry out a DDoS attack against http://192.168.1.5. In January 2017, a ransomware infection dubbed FireCrypt was found to feature a DDoS component; however, it was concluded that the attackers would have to infect thousands of computers before launching a large DDoS attack to cause damage. According to one researchers who analyzed the FireCrypt, in order to carry out a DDoS attack using ransomware requires concealment and precision, because anti-malware scanners would identify and block DDoS components.

In addition, the CyberDrill ransomware has been found to use the ping command with the parameters -t and -l to check if the host computer is accessible. Another feature that should also encourage you to remove the ransomware infection from your computer is the fact that the threat disables Windows Task Managers every time this system monitoring application starts. This is done in order to prevent the user from manually ending malicious process.

Nevertheless, it is possible to remove the CyberDrill ransomware, which you can try doing with the help of our step-by-step removal guide given below. Before you start removing the infection, please note that you make changes on your computer at your own risk. Removing this particular ransomware requires accessing the Registry, in which different types of Windows settings are stored.

In case you find that the removal process is too complex, we recommend installing an anti-malware program. Our recommended security tool can remove the CyberDrill ransomware for good and defend your operating system against attacks of different types. If your OS remains unprotected, that means it remains vulnerable to the threats circulating on the Internet, so you should take action as soon as you can.

How to remove the CyberDrill ransomware

1. Install a third-party program for monitoring and managing system processes so that you can kill malicious processes.
2. Press Win+R and type in regedit. Click.
3. Follow the path HKCU\SOFTWARE\Microsoft\Windows\Currentversion\Run|My application|{location of the associated file} to access My application.
4. Open the file location and delete the file.
5. Delete the malicious value stored in the Registry.