Cyber Police Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 192
Category: Trojans

Cyber Police Ransomware is a malicious application that shows a message saying: “your computer is blocked by cyber police for unlicensed software’s usage.” As the rest of its text says, the malware encrypts user’s files and demands for ransom in exchange for a decryption key. Apparently, the threat can lock a wide range of different file types, including executable files. Therefore, infecting the system with it could cause you a lot of trouble. Naturally, paying the ransom might seem the easiest way to undo the damage, but you should know there are no guarantees the cyber criminals behind Cyber Police Ransomware will keep up with their promises. In other words, no one can stop them from tricking you if they decide not to bother with sending the promised decryption tool. This is why we recommend ignoring the malware’s message and erasing it at once. The recommended deletion steps available below the article are here to help you with this task.

We believe, Cyber Police Ransomware might be distributed via usual channels, such as Spam emails, malicious file-sharing web pages, and so on. After the launch, the malware is supposed to create an executable file called local.exe in the %HOMEDRIVE%\user\Rand123 location. It is essential to mention the threat also creates the folder called Rand123. Besides this data, the ransomware should place an image called ransom.jpg in the %HOMEDRIVE%\user location and a picture named test.jpg on the computer’s C: drive. One of the pictures should be used to replace user’s default Desktop wallpaper, while the other one is probably just an extra copy in case the user decides to remove the wallpaper. Both of the images might carry a message or in other words, a ransom note; we talked about at the beginning of the article.

The ransom note claims Cyber Police Ransomware encrypted all important documents and other user’s files located on the infected computer. Our specialists say this should be true because it looks like the malware can encrypt a wide range of different file types. Also, we noticed the malicious application marks each damaged file with a second extension called .locked, for example, flower.jpg.locked. To restore such data the cyber criminals behind the threat suggest purchasing a decryption key for 100 US dollars. To be more precise, it is said the user should spend this sum on buying Bitcoins and then send them to the provided Bitcoin wallet. After the payment is made, the malicious application’s creators promise to send the promised decryption tool via your email address. The problem is no one can tell if they will do so.

Provided, you do not want to risk your money, we advise you to learn from the experience of users who lost their money while putting up with cyber criminals’ demands and remove the malware instead. According to our researchers, Cyber Police Ransomware can be eliminated manually, or with automatic features, so you can choose the option you prefer most. Users who feel up to the task could follow the steps you can see below the text and get rid of the malicious application manually. Those who choose the second option, should install a reliable antimalware tool and perform a full system scan.

Eliminate Cyber Police Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find a suspicious process related to the malware.
  4. Select this process and press End Task.
  5. Exit Task Manager.
  6. Tap Windows key+E.
  7. Go to %HOMEDRIVE%\user and look for a folder titled Rand123; it should contain local.exe.
  8. Right-click the described folder (Rand123) and press Delete.
  9. Look for a file called ransom.jpg and also located in the %HOMEDRIVE%\user directory.
  10. Right-click it (ransom.jpg) and select Delete.
  11. Access C: disk and find an image named test.jpg, right-click it and select Delete.
  12. Close File Explorer.
  13. Empty your Recycle bin.
  14. Reboot the system.
Download Remover for Cyber Police Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Cyber Police Ransomware Screenshots:

Cyber Police Ransomware

Cyber Police Ransomware technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
1adobe.exe259072 bytesMD5: 6e7332f56cc478f128332036fbdf480e
2test.jpg348705 bytesMD5: 4e1c292d273c5f0bf96e26f8e23f2cf1

Memory Processes Created:

# Process Name Process Filename Main module size
1adobe.exeadobe.exe259072 bytes

Comments are closed.