Table of Contents:
1. Introduction
2. History of ransomware
3. What is Cyborg Ransomware
4. How a ransomware can affect your device?
   4.1. Trojans
   4.2. Spam campaigns
   4.3. Fake software updater
   4.4. Cracks
5. How to protect yourself from a ransomware

Introduction
Many people keep a lot of important information and data on their computers and other devices, which is why they are afraid when a virus gets in. Still, some of the things we do let a virus onto our devices. One kind of malware that gets in this way is ransomware, and specifically the Cyborg ransomware.
History of ransomware
The first documented ransomware appeared in 1989: the AIDS Trojan, also called PS Cyborg. A biologist, Joseph L. Popp, sent 20,000 infected diskettes labeled "AIDS information - Introductory Diskettes" to the WHO's international AIDS conference. After 90 reboots, the trojan hid the directories and encrypted the names of the files on the customer's computer. It asked for $189 to be sent to CYBORG corp to regain access.
What is Cyborg ransomware?
It is a kind of malicious software discovered by GrujaRS. This malware is classified as ransomware: it is designed to encrypt your data and then demand a ransom payment to decrypt it. Your files are renamed with the extension ".petra", for example picture.png.petra and intro.txt.petra. If you see that extension, you have been hit by Cyborg ransomware. Once Cyborg's process has finished, it stores a text file ("Cyborg_DECRYPT.txt") on your desktop and changes your wallpaper.
Text presented in CYBORG ransomware text file ("Cyborg_DECRYPT.txt"):
------------------------ ALL YOUR FILES ARE ENCRYPTED BY CYBORG RANSOMWARE ------------------------
Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send one of your encrypted file and we decrypt it for free.
You must follow these steps To decrypt your files :
1) Send $300 bitcoin to wallet :9e3d4e3fad796f4eb15962b74fb2e55fe47
2) write on our e-mail :petra-mail.ru
Your personal ID :3N3LN3RJ7OBBQ90191NJ2F51N7K L02R2A99K75QKPKLOA79933
Threat summary:
Name: CYBORG virus
Threat Type: Ransomware, Crypto Virus, Files locker.
Encrypted Files Extension: .petra
Ransom Demanding Message: Cyborg_DECRYPT.txt
Ransom Amount: $300 in Bitcoins
Cyber Criminals' Cryptowallet Address: 3N3LN3RJ7OBBQ90191NJ2F51N7KL02R2A99K75QKPKLOA79933 (Bitcoin)
Cyber Criminal Contact: petra-mail.ru
Detection Names: Kaspersky (HEUR:Trojan-Ransom.MSIL.Gen.gen), Fortinet (MSIL/Kryptik.OVF!tr), McAfee-GW-Edition (BehavesLike.Win32.Backdoor.tc), CrowdStrike Falcon (Win/malicious_confidence_80% (D)), Full List Of Detections (VirusTotal)
Symptoms: Cannot open files stored on your computer, previously functional files now have a different extension (for example, my.docx.locked). A ransom demand message is displayed on your desktop. Cybercriminals demand payment of a ransom (usually in bitcoins) to unlock your files.
Distribution methods: Infected email attachments (macros), torrent websites, malicious ads.
Damage: All files are encrypted and cannot be opened without paying a ransom. Additional password-stealing trojans and malware infections can be installed together with ransomware infection.
This text file contains a message saying that your data has been encrypted by CYBORG and demanding a ransom of $300 in Bitcoin for decryption. As proof that they can decrypt your data, they offer to decrypt one file for free, to show that the files can still be decrypted by them. An email address is also provided for contacting them. The attackers used strong encryption that cannot be "cracked" by free programs.
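The two indicators described above (the appended ".petra" extension and the "Cyborg_DECRYPT.txt" note) are enough to triage how far an infection has spread. The following Python scanner is an added example, not code from the original article or its sources; the function names are hypothetical, the case-insensitive matching is an assumption, and the sample directory tree is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article: appended extension and ransom-note name.
ENCRYPTED_SUFFIX = ".petra"
RANSOM_NOTE = "Cyborg_DECRYPT.txt"


def scan_for_cyborg(root):
    """Walk `root` and collect files matching the article's two indicators."""
    renamed, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                # picture.png.petra -> original name picture.png
                renamed.append((path, name[: -len(ENCRYPTED_SUFFIX)]))
    return renamed, notes


def summarize(renamed, notes):
    """Count affected files per original extension to size the restore job."""
    by_ext = Counter(Path(orig).suffix.lower() or "(none)" for _p, orig in renamed)
    return {
        "encrypted_files": len(renamed),
        "ransom_notes": len(notes),
        "by_original_extension": dict(by_ext),
        "affected_dirs": sorted({str(p.parent) for p, _o in renamed}),
    }


def build_sample_tree(root):
    """Constructed sample: empty files named like the article's examples."""
    desktop = Path(root) / "Desktop"
    docs = Path(root) / "Documents"
    desktop.mkdir()
    docs.mkdir()
    for p in (desktop / "Cyborg_DECRYPT.txt", desktop / "picture.png.petra",
              docs / "intro.txt.petra", docs / "notes.txt"):
        p.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(*scan_for_cyborg(tmp)))
```

The per-extension counts and the list of affected directories show which backups need to be restored; the scanner only reads file names and does not open or modify any file.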
How ransomware can infect your device?
Trojans, spam campaigns, fake software updaters and software cracks can all spread viruses, including ransomware.
1. Trojans - a trojan is a malicious program that starts a chain infection: it downloads and installs other malware.
2. Spam campaigns - these send out emails containing deceptive wording and infectious attachments. Those mails are commonly highlighted as:
- priority
- official
- important
These attachments can be in various formats:
- archive and executable files
- Microsoft Office documents (PDF, Docx, etc.)
- JavaScript files
Opening one of these can trigger the system infection.
3. Fake software updater - it installs malware instead of installing new updates.
4. Cracks - these infect the system by downloading and installing malware.
How to protect yourself from a ransomware
1. Suspicious and irrelevant emails should not be opened.
2. Use official and verified download channels.
3. Software should be updated with functions/tools provided by legitimate developers.
4. Have a reputable anti-virus/anti-spyware suite installed and kept up-to-date.
[Image: the text file from the CYBORG ransomware]
[Image: the encrypted data]
[Image: the desktop after the CYBORG process has finished]
PS: Photos not mine.
https://www.pcrisk.com/removal-guides/16253-cyborg-ransomware
https://www.varonis.com/blog/a-brief-history-of-ransomware/#:~:text=The%20first%20documented%20and%20purported,trained%20evolutionary%20biologist%20Joseph%20L.&text=But%20after%2090%20reboots%2C%20the,files%20on%20the%20customer's%20computer.