Ransomware in a category of malware and the programs that belong to it are set to either lock a computer’s screen or encrypt its files. Cyber Splitter Vbs Ransomware belongs to the second subgroup, so it is designed to encrypt your files and you ought to remove it as soon as it enters your computer. In most cases, it is too late to do anything as a ransomware springs into action immediately and encrypts the files using an advanced encryption algorithm. The good news is, however, that this particular program currently does not work, but it is still being disseminated. Therefore, if it comes back to life, then it will start to wreak havoc.
While analyzing this particular ransomware, we found that it shares code with the infamous Cerber Ransomware and Cerber2 Ransomware. Nevertheless, it does not look like they have been created by the same developer as Cyber Splitter Vbs Ransomware. We think that, since Cerber Ransomware was sold to cyber crooks on an underground server, someone reverse engendered and modified, and the end result was new ransomware.
However, the method used to distribute it is typical for ransomware, and it involves sending its dropped file in zipped files attached to emails. Indeed, the developer has opted to use the oldest yet highly effective distribution method of email spam. The emails may be disguised as invoices, receipts, tax return forms, surveys, and so on that are made to look legitimate and trick you into opening the attached file that may look like a PDF, but is actually an executable that drops Cyber Splitter Vbs Ransomware onto your computer.
The main executable (.exe) is named randomly in each case but the name is features uppercase and lowercase characters and symbols, but the name can also vary in length as well. Furthermore, the executable is set to drop in a random location, so if you opt to delete it manually, then we suggest checking locations, such as %TEMP%, %APPDATA%, %USERPROFILE%\Downloads, and so on. In any case, once on your PC, this ransomware is designed to execute automatically and begin encrypting your files. Now, we do not know what file types it is supposed to encrypt, but we are positive that it was designed to encrypt images, audios, videos, documents, executables, and so on. In short, it was configured to encrypt personal data. However, as mentioned in the introduction, Cyber Splitter Vbs Ransomware currently does not work for whatever reason. Still, its executable is being sent in fake emails and once on your computer, it might stay there indefinitely or until it is removed.
Research has shown that this ransomware was configured to display a ransom message after the encryption is complete. The message is written on a black background and features a Bitcoin image. Hence, its developer wants you to pay the ransom in Bitcoins. The ransom message reads “Your files have been encrypted” and “Send $1 BTC the amount of the account is Decrypted your files.” The second part does not make sense at all, but the developer was trying to say that you need to send 1 BTC to the provided Bitcoin wallet for your files to be decrypted. Now, given that this program does not encrypt files you should not do that, but if it did work, then you should not pay the ransom as well because the cyber criminal might not decrypt your files either way.
In conclusion, Cyber Splitter Vbs Ransomware is one malicious application that could irreversibly damage your files because there is no way of knowing whether you will receive the decryption key. Thankfully, it does not work, but if your computer happens to be infected with it, then you must remove it. You can try looking for its malicious executable manually, but we suggest using an anti-malware application such as SpyHunter that will detect and delete it for you.