- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Cyberresearcher Ransomware is yet another malicious infection from the Hidden Tear family. All of the threats in this family, including Horros Ransomware, Sorry HT Ransomware, and many others, were created using the same source code. Of course, they were created by different parties, which is why they differ in many ways, especially when it comes to ransom demands. The threat we are discussing in this report demands a ransom of 2.5 Bitcoins. If you are not familiar with this cryptocurrency, you might not know that 2.5 BTC converts to 22,000 USD or 18,000 EUR. It is important to note that conversion rates shift frequently, and the sums might be completely different by the time you read this report. Ultimately, the ransom is very big, so it is likely that the targets of this infection are bigger companies and organizations. In either case, paying the ransom is not recommended, and we explain why further in this report. If you want to learn more, including how to remove Cyberresearcher Ransomware, keep reading.
It is impossible to say how Cyberresearcher Ransomware got into your system without additional analysis. Do you remember opening a spam email attachment that did not open anything? This is how many file-encrypting threats spread, but other distribution methods exist too. If you did not recognize and delete Cyberresearcher Ransomware right after its execution, it must have encrypted your personal files. Our research has counted at least 200 different types of files that the ransomware is capable of encrypting. Of course, it avoids encrypting data in folders that have “Windows,” “Program Files,” or “Program Files (x86)” strings in their names to ensure that system files are not corrupted. The personal files that do get corrupted can be spotted right away because of the “.CYBERRESEARCHER” extension that is appended to their original names. Hopefully, these files are backed up, or you do not care about losing them, because decrypting them is unlikely to be possible. Although the ransom note delivered in the file named “READ_IT.htm” suggests otherwise, trusting promises made by cyber criminals is not advised.
The ransom note file, “READ_IT.htm,” should be placed in every folder affected by the malicious Cyberresearcher Ransomware. The message within the file is very short. It tells you to send 2.5 bitcoin to 126HY2x4gBWDxzff3PRi8hrcqoHpgNSvr6. This is a wallet address that belongs to the creator of the ransomware. The message also warns that all encrypted files will be deleted if the ransom payment is not made within 48 hours. This is just a scare tactic, and your files are unlikely to be harmed any further. What if you choose to pay the ransom? It is likely that the creator of the devious infection has a decryption key, also known as a “private” key, but would they give it to you? No one can know for sure because you are dealing with unpredictable cyber criminals here. Unfortunately, our experience with ransomware suggests that the key is unlikely to be provided to you, and you are unlikely to get your files back. This is why you should think twice before following the demands of Cyberresearcher Ransomware.
There should be no question about whether you need to delete Cyberresearcher Ransomware: this threat is malicious, and keeping it installed would be a mistake. You might be postponing the removal of this malware because your personal files are encrypted, but it is unlikely that you can recover them anyway, and you certainly should not consider paying the ransom. Your best bet would be to use backups. If they do not exist, look into using legitimate file decrypting software. At the time of writing, no tool was capable of breaking the encryption used by Cyberresearcher Ransomware, but one could be created in the future. All in all, even if you cannot recover your files, you must delete the ransomware, and you might be able to do it in two ways. You might be able to locate and erase the launcher yourself, or you might use anti-malware software. If you cannot identify the launcher file, using software that is built to automatically remove all threats is the best option for you.
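Before restoring from backups, it helps to know exactly which files were hit. The Python script below is an added example, not code from the original report: it inventories a folder tree using the “.CYBERRESEARCHER” extension and “READ_IT.htm” note name described above. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the report above.
ENCRYPTED_EXT = ".cyberresearcher"   # appended to each encrypted file's name
RANSOM_NOTE = "read_it.htm"          # note dropped in affected folders
# The report says folders with these strings in their names are left alone, so the
# walk prunes them ("program files" also matches "Program Files (x86)").
# Assumption: the report's description of skipped folders is complete.
SKIPPED_MARKERS = ("windows", "program files")

def inventory(root):
    """Return encrypted files (mapped to original names) and ransom-note folders."""
    restore, note_dirs = {}, set()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if not any(m in d.lower() for m in SKIPPED_MARKERS)]
        for name in filenames:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note_dirs.add(Path(dirpath))
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # Original name = current name minus the appended extension.
                restore[Path(dirpath) / name] = name[:-len(ENCRYPTED_EXT)]
    hit_dirs = {p.parent for p in restore}
    return {"restore": restore,
            "note_dirs": note_dirs,
            "no_note": hit_dirs - note_dirs}  # encrypted files present, note absent

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = ["Documents/budget.xlsx.CYBERRESEARCHER", "Documents/READ_IT.htm",
              "Documents/notes.txt", "Pictures/cat.jpg.CYBERRESEARCHER",
              "Program Files (x86)/app/app.exe", "Windows/system.ini"]
    for rel in layout:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = inventory(tmp)
        for path, original in sorted(report["restore"].items()):
            print(f"restore {original!r} from backup -> {path.parent}")
        print("folders with ransom note:", len(report["note_dirs"]))
        print("affected folders without a note:", len(report["no_note"]))
```

Point `inventory()` at a user profile or file share to get the list of original file names to pull from backup.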
Cyberresearcher Ransomware Removal