Cyber Police Ransomware
Posted: November 14, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 0 |
| First Seen: | April 20, 2021 |
| OS(es) Affected: | Windows |
The Cyber Police Ransomware is a variant of Hidden Tear that conducts file-locking attacks while pretending to be a tool of law enforcement. Users can recognize this Trojan by symptoms that include changes to their wallpapers, new extensions on any files that the Cyber Police Ransomware has encrypted, and fake legal alerts. You should always let your anti-malware products disable the Cyber Police Ransomware before it can harm your files, if possible, but most forms of threat-removal software should also be capable of uninstalling it afterward.
A Fake Internet Police is Launching Real File Attacks
A favorite tactic of threat actors from years past is resurfacing in one of today's file-locking Trojans: the Cyber Police Ransomware, a fork of Hidden Tear. Along with keeping the data-encoding and locking attacks of its family, the Cyber Police Ransomware also makes cosmetic changes to the PC that are meant to make the victim believe that the infection is an action by law enforcement. However, both the Hidden Tear-based code and the assets used to support this tactic are misappropriated and have no connection to the real law enforcement agencies of any nation.
The Cyber Police Ransomware's most significant form of leverage is its ability to lock files using an undisclosed variation of a Rijndael or AES cipher. It may filter which media it encrypts according to either their locations or their formats, and always appends a new '.locked' extension to the names of any files it damages. This feature loads without an external GUI, although users who pay close attention to all active memory processes may notice the additional process that the Cyber Police Ransomware spawns.
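The behavior described above, one process appending '.locked' to many files in quick succession, can be turned into a simple detection rule. The following is an added example, not code from the original article: the event format, process names, paths, threshold and time window are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SUFFIX = ".locked"  # extension the article says is appended to locked files

# Constructed sample rename events: time|pid|process|old path|new path.
# Process names and paths are made up for illustration.
SAMPLE_EVENTS = r"""
2021-04-20T10:00:00|988|explorer.exe|C:\Users\a\Desktop\report.docx|C:\Users\a\Desktop\report_final.docx
2021-04-20T10:00:01|4120|fake_adobe_tool.exe|C:\Users\a\Documents\tax.xlsx|C:\Users\a\Documents\tax.xlsx.locked
2021-04-20T10:00:01|2200|sync_client.exe|C:\Users\a\Sync\db.sqlite|C:\Users\a\Sync\db.sqlite.locked
2021-04-20T10:00:02|4120|fake_adobe_tool.exe|C:\Users\a\Pictures\cat.jpg|C:\Users\a\Pictures\cat.jpg.locked
2021-04-20T10:00:03|4120|fake_adobe_tool.exe|C:\Users\a\Documents\cv.pdf|C:\Users\a\Documents\cv.pdf.locked
2021-04-20T10:05:30|2200|sync_client.exe|C:\Users\a\Sync\idx.sqlite|C:\Users\a\Sync\idx.sqlite.locked
"""


def find_locking_processes(lines, threshold=3, window=timedelta(seconds=10)):
    """Return {pid: process} for processes that appended '.locked' to at
    least `threshold` files within `window`. Events must be time-ordered."""
    recent = defaultdict(deque)  # pid -> timestamps of matching renames
    flagged = {}
    for line in lines:
        ts, pid, image, old, new = line.split("|")
        # Count only renames that keep the original name and add the suffix.
        if new.lower() != old.lower() + SUFFIX:
            continue
        when = datetime.fromisoformat(ts)
        stamps = recent[int(pid)]
        stamps.append(when)
        # Drop renames that fell out of the sliding window.
        while when - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= threshold:
            flagged[int(pid)] = image
    return flagged


if __name__ == "__main__":
    print(find_locking_processes(SAMPLE_EVENTS.strip().splitlines()))
```

The sliding window is what separates a burst of renames from a tool that occasionally produces a single '.locked' file, as the constructed `sync_client.exe` entries show.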
Malware experts found the most uncharacteristic features in the Cyber Police Ransomware's ransom notes to the victims, which it creates in both desktop wallpaper and Notepad TXT formats. Both messages claim that the victim's PC is under a lock-down as a penalty from an unspecified 'cyber police' agency that's penalizing pirated software usage. The image-based message also includes misappropriated assets from the Games Workshop's 'Warhammer' setting instead of any legal emblems or symbolism. The threat actors also include a traditional ransom demand in Bitcoins, priced for casual PC users rather than corporate victims.
Don't Get Handcuffed by the Wrong Police
The Cyber Police Ransomware's Adobe software disguise for its executable file is in name only: the file lacks a digital signature or other characteristics that would imply that it's a legitimate Adobe product. Taking this strategy in conjunction with other aspects of its payload, malware experts rate it highly likely that victims could encounter the Cyber Police Ransomware while browsing websites or file-sharing networks oriented towards software piracy and illicit content. Always scanning new downloads with appropriate security software can help identify the Cyber Police Ransomware and other versions of Hidden Tear without giving them the opportunity to damage your files.
If the Cyber Police Ransomware does lock any media on your PC successfully, malware experts recommend creating copies of these files to test their compatibility with free decryption software. The Hidden Tear family isn't known for using secure encryption methods, although other file-locking threats often employ less curable forms of data-locking attacks. Thanks to this Trojan's being a minor variant of a long-identified threat, most anti-malware programs should uninstall the Cyber Police Ransomware without problems.
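One way to make the working copies recommended above, so that decryption tools are only ever run against duplicates: an added example, not part of the original article, in which the function name, directory layout and manifest format are assumptions.

```python
import hashlib
import shutil
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large media files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def stage_locked_files(root, staging, suffix=".locked"):
    """Copy every file ending in `suffix` under `root` into `staging`,
    keeping the relative layout. Originals are only read, never changed.
    Returns a manifest {relative path: sha256 of the locked file}."""
    root, staging = Path(root).resolve(), Path(staging).resolve()
    manifest = {}
    for src in sorted(root.rglob("*")):
        if not src.is_file() or not src.name.lower().endswith(suffix):
            continue
        if staging in src.parents:
            continue  # do not re-copy earlier working copies
        rel = src.relative_to(root)
        dst = staging / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 also preserves timestamps
        original_hash = sha256_of(src)
        # Verify the copy before anyone experiments on it.
        if sha256_of(dst) != original_hash:
            raise OSError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = original_hash
    return manifest
```

Keeping the manifest lets you confirm later that the original locked files were not altered by a failed decryption attempt.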
There's nothing to gain from taking the word of any arbitrary stranger who claims to be a police officer. This seemingly obvious statement also applies to software like the Cyber Police Ransomware, which may use intimidating iconography and attacks, but has no legitimacy to support its demands for your money.