Ransomware Report


Title: Cipher ransomware infects systems when users click through torrent websites or malicious advertisements, or execute email attachments.
Registration date: 2023-01-23

[ Cipher ransomware ]

[Virus/Malware Activity Report: Cipher Ransomware]

Following a breach believed to involve Cipher ransomware,
we confirm the situation and issue the following warning.

Cipher ransomware

The ransomware is called Cipher and has an encrypted name. All files appear to be renamed with the extension cipher8.

How it works

File version


[Figure 1 File version]


[Figure 2 File properties]

Behavioral process

  • WMI command – Check for a specific process

    Uses WMI commands to check whether a specific attack target, such as SQL, is present.


    [Figure 3 WMI command]

  • Force quit a specific process

    Forcefully terminates specific processes such as SQL using the CMD command.


    [Figure 4 Force termination of specific process]

  • Select attack target

    Targets removable or fixed disks.


    [Figure 5 Selection of attack target]

Infection results

The instructions file is created in each folder with the name !-Recovery_Instructions-!.html, and when encryption is performed, .


[Figure 6 Infection result 1]


[Figure 7 Infection result 2]
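
A triage sweep built on the two file indicators named in this report (the !-Recovery_Instructions-!.html note and the cipher8 extension), as an added example that is not part of the original report or of White Defender. The sample tree, its file names, and the idea that a note's modification time approximates when a folder was reached are assumptions made for illustration.

```python
import os
import tempfile

NOTE = "!-Recovery_Instructions-!.html"  # ransom note name given in the report
EXT = ".cipher8"                         # extension given in the report

def sweep(root):
    """Return one record per directory under root that holds either indicator."""
    records = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        notes = [f for f in files if f.lower() == NOTE.lower()]
        enc = sorted(f for f in files if f.lower().endswith(EXT))
        if not notes and not enc:
            continue
        note_time = None
        if notes:
            try:  # assumption: the note's mtime approximates when this folder was hit
                note_time = os.stat(os.path.join(dirpath, notes[0])).st_mtime
            except OSError:
                pass  # unreadable or vanished: keep the hit, drop the time
        records.append({"dir": dirpath, "note": bool(notes), "encrypted": enc,
                        "untouched": len(files) - len(notes) - len(enc),
                        "note_time": note_time})
    # Oldest note first, folders without a note last: a rough order of impact.
    records.sort(key=lambda r: (r["note_time"] is None, r["note_time"] or 0.0))
    return records

def build_sample(root):
    """Constructed sample tree, not incident data. File names are assumptions."""
    layout = {
        "finance": (["q1.xlsx.cipher8", "q2.xlsx.cipher8", NOTE], 1000),
        "hr": (["staff.docx.cipher8", "new.txt", NOTE], 2000),
        "tmp": (["half.bak.cipher8"], None),   # encrypted file, note missing
        "clean": (["readme.txt"], None),       # no indicators
    }
    for name, (files, note_mtime) in layout.items():
        os.makedirs(os.path.join(root, name))
        for f in files:
            path = os.path.join(root, name, f)
            open(path, "w").close()
            if f == NOTE:
                os.utime(path, (note_mtime, note_mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for r in sweep(tmp):
            print(os.path.relpath(r["dir"], tmp), r["note"], r["encrypted"],
                  r["untouched"], r["note_time"])
```

Folders that hold encrypted files but no note, or that still contain untouched files, are the ones to examine first when working out where encryption stopped.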

White Defender compatible

White Defender blocks this ransomware's malicious actions and supports real-time automatic restoration of files that are encrypted before the block takes effect.


[Figure 8 Block message]


[Figure 9 Block message]


Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong | Business registration number: 220-81-67981
Copyright ⓒ Everyzone, Inc. All Rights Reserved.