Home / Parasites / Trojans / Cyber Police Ransomware
Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Cyber Police Ransomware

Cyber Police Ransomware is dangerous threat that poses as a fake warning on your screen. This ransomware program wants you to believe that you are fined due to your alleged illegal software use. Even if you happen to have unlicensed software on board, you need to know that this warning is fake and the criminals behind it simply want to extort money from you in exchange for the private decryption key. We have found that this new threat is indeed a new spin-off of the well-known Hidden Tear Ransomware, which is an open-source educational project that has given base for a number malicious variants, such as Bancocrypt Ransomware and Bass-fes Ransomware. This dangerous infection can encrypt hundreds of file extensions and thus cause a lot of damage. It is practically impossible to recover your files without the key unless you have a backup stored somewhere safe. We do not advise you to transfer the ransom fee because you may still not be able to restore your files. We strongly recommend that you remove Cyber Police Ransomware from your PC immediately.

It is quite likely that you have received a spam mail lately that had an attachment, which you wanted to see, and this is how you may have infected your computer. Unfortunately, it is getting harder to weed out real spam as even spam filters make mistakes from time to time being too strict with their policies, which means that even legitimate e-mails can land in your spam folder. However, if you see a mail there that seems to come from a legitimate sender with a subject that looks important and may even concern you, it is quite likely that you will want to open it for more detail. The subject such a spam may refer to can be anything that would wake your curiosity, including an unpaid invoice, un undelivered parcel, a wrong hotel booking, and so on.

Unfortunately, once you open this mail and click to view its attachment, which can pose as an image or a text document, there is no return from having your important files encrypted. This is also why you cannot delete Cyber Police Ransomware in time for you to prevent your files from being encoded. So you may pay a very high price for being curious. We suggest that you be more careful with your mails and think twice before opening a questionable e-mail, let alone its attachment. You are definitely better off double-checking with the sender to see if he or she really sent this mail for you.

As we have said, this dangerous ransomware program uses an excuse to attack you claiming that you have been caught for "unlicensed software usage," which is obviously a fake warning, even if some victims may actually feel guilty as charged. It seems that this malware infection targets files in these default directories:

  • %USERPROFILE%\Desktop
  • %USERPROFILE%\Links
  • %USERPROFILE%\Contacts
  • %USERPROFILE%\Documents
  • %USERPROFILE%\Downloads
  • %USERPROFILE%\Pictures
  • %USERPROFILE%\Music
  • %USERPROFILE%\OneDrive
  • %USERPROFILE%\Saved Games
  • %USERPROFILE%\Favorites
  • %USERPROFILE%\Searches
  • %USERPROFILE%\Videos

Unlike most of other ransomware programs, this new variant of Hidden Tear seems to attack hundreds of file extension. Thus, you may lose all of your pictures, videos, audios, documents, archives, databases, and third-party program files as well. In other words, this ransomware is capable of huge devastation on your system. The encrypted files get a ".locked" extension, which has been used a couple of times by other infections as well.

This ransomware infection sets your new desktop wallpaper from the web ("image.ibb.co/jbKPfw/test.jpg"). After downloading this image, it copies it to "C:\test.jpg" root directory. It also drops a ransom note text file on your desktop ("%USERPROFILE%\Desktop\READ_ME.txt"). Once executed, ransomware deletes and copies itself to "%HOMEDRIVE%\user\Rand123\local.exe." The ransom note instructs you to transfer $100's worth of Bitcoins to the provided Bitcoin wallet address if you want to recover your files. We do not recommend that you do so because there is no guarantee that you will get anything in return. We advise you to remove Cyber Police Ransomware immediately after you notice it has hit you.

We have put together the necessary instructions for you to be able to eliminate this dangerous program from your PC. If you are not up to manual removal, you may want to choose to use a professional anti-malware program (e.g., SpyHunter) to automatically kill this threat and protect your computer from all possible future malicious attacks as well.

How to remove Cyber Police Ransomware from Window

  1. Press Ctrl+Shift+Esc to open Task Manager.
  2. Select the malicious process and press End task.
  3. Close the Task Manager.
  4. Press Win+E.
  5. Delete this folder and files:
    %HOMEDRIVE%\user\Rand123\
    %HOMEDRIVE%\user\ransom.jpg
    C:\test.jpg
  6. Delete the downloaded malicious file.
  7. Empty your Recycle Bin.
  8. Restart your PC.
Download Spyware Removal Tool to Remove* Cyber Police Ransomware
  • Quick & tested solution for Cyber Police Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
 This is a captcha-picture. It is used to prevent mass-access by robots.

 
© 2006-2024 pcthreat.com  |  Terms of use |  Privacy policy |  About us |  Link to US