The CyberDrill ransomware is yet another infection built on the open-source Hidden Tear code, which has already been used by quite a few people interested in how ransomware works. Hidden Tear uses AES encryption and displays a ransom message to scare users into paying up. However, because this openly available code is supposedly intended for education, it was created to encrypt files that are located in the Test directory on the desktop. The CyberDrill ransomware is no exception. It scans the system for the Test folder and has been found to encrypt files with the extensions .png and .jpg. After encryption, the files get the .cyberdrill extension. Like many other ransomware threats, CyberDrill demands a hefty release fee, but since the infection leaves other files intact, there is no need to worry about the ransom. All that you should do is remove the CyberDrill ransomware from the computer and implement some preventative measures so that you do not fall victim to a more serious ransomware infection.
The CyberDrill ransomware does not pose as much danger as many other threats since this threat does not affect your files. It only displays a threatening message so that you act immediately to pay the money required, which is 30 Bitcoins. Bitcoin is a digital currency highly preferred by cyber criminals, mainly those who profit from ransomware. The cryptocurrency is not owned or controlled by a central bank, and money transactions are made anonymously, in which case the recipient remains unidentified and untraceable. The sum required is barely affordable, so you should focus your attention on the removal of the CyberDrill ransomware.
The ransom message is displayed in a program window and is also available in a .txt file named READ_IT. This ransom warning is created in the Test directory if such a folder is present on the desktop. The attackers express their demands in a very straightforward and aggressive manner. The user is warned that the sum for decryption is increased every day if the money is not submitted in time. Moreover, the attackers claim that their attack is powerful, which is quite true because of the functionalities of the infection found.
Ransom money and encryption aside, the CyberDrill ransomware has been found to have DDoS functionality for carrying out a DDoS attack against the local computer at http://192.168.1.5. This particular feature of the threat adds weight to the recommendation to remove the CyberDrill ransomware, and you should take action once you find that your computer is infected.
The CyberDrill ransomware also uses the Ping command to communicate over the network with another computer. When a ping is sent successfully, the computer receives a pong response, and finally the average response time is calculated. The infection uses the -t and -l parameters, which ping a specific host until stopped and let the sender adjust the size of the ping packet, respectively.
In addition, the threat kills the process of Task Manager every time this program is launched. With this system monitoring application disabled, you cannot check what other processes are running on the computer, which is how CyberDrill attempts to stop you from removing it from the PC.
The removal of CyberDrill can be easily carried out by a reputable anti-malware program, and our team strongly recommends that you implement one so that you do not have to worry about other threats. By installing malware prevention software, you minimize the risk of getting the PC compromised. Bear in mind that any unprotected computer connected to the Internet can easily get affected, which means that your personal information can easily get stolen or deleted without any notice.
It is possible to remove the CyberDrill ransomware manually, which you can do with the removal guide given below. However, you should bear in mind that the manual changes you are about to make are made at your own risk. The removal process requires accessing the Windows Registry, which is a hierarchical database that stores settings for the Windows operating system. The alterations made and the unwanted consequences are your responsibility, but you can always ask for advice below in the comment box.
| # | File Name | File Size (Bytes) | File Hash |
|---|-----------|-------------------|-----------|
| 1 | READ_IT.txt | 573 bytes | MD5: a239c2d552ad6427d382f33a4625ce40 |
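The following read-only check is an added example, not part of the original article or its removal guide. It looks for the file traces described above (the Test folder on the desktop, files with the .cyberdrill extension, and the READ_IT.txt note with the listed MD5); the function names are hypothetical and the Desktop location is supplied by the caller.

```python
import hashlib
from pathlib import Path

# Indicators taken from the article; everything else here is illustrative.
ENCRYPTED_SUFFIX = ".cyberdrill"
NOTE_NAME = "READ_IT.txt"
NOTE_MD5 = "a239c2d552ad6427d382f33a4625ce40"


def md5_of(path: Path) -> str:
    """Hash a file in chunks; MD5 is used only to match the published value."""
    digest = hashlib.md5()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_desktop(desktop: Path) -> dict:
    """Report CyberDrill traces under <desktop>/Test without changing anything."""
    test_dir = desktop / "Test"
    report = {"test_dir_present": test_dir.is_dir(), "encrypted": [],
              "note_present": False, "note_md5_match": False}
    if not report["test_dir_present"]:
        return report  # the article says the sample only acts on this folder
    for entry in sorted(test_dir.rglob("*")):
        if entry.is_file() and entry.name.lower().endswith(ENCRYPTED_SUFFIX):
            report["encrypted"].append(entry.relative_to(desktop).as_posix())
    note = test_dir / NOTE_NAME
    if note.is_file():
        report["note_present"] = True
        # A differing hash is still worth reviewing: the note text may vary.
        report["note_md5_match"] = md5_of(note) == NOTE_MD5
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(scan_desktop(Path.home() / "Desktop"), indent=2))
```

An empty report on a machine without a Test folder only means these specific file traces are absent; it says nothing about the Task Manager or ping behaviour described above.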