I wrote this article to help you remove CyberSplitter 2.0 Ransomware. This CyberSplitter 2.0 Ransomware removal guide works for all Windows versions.
CyberSplitter 2.0 ransomware or CyberSpLiTTer Vbs Ransomware 2.0 is a win-locker. This kind of computer virus is the most difficult to combat against. Upon entering a machine, it locks certain files and demands a ransom to decrypt them. CyberSplitter 2.0 ransomware applies a combination of AES and RSA ciphers to encrypt files. The origin of the infection is Russia. Specialists made a connection between CyberSplitter 2.0 ransomware and another virus. A win-locker called N-SpLiTTer or Кибер Разветвитель is a different version of the tool. CyberSplitter 2.0 ransomware has been developed by Russian hackers, though its interface is in English.
CyberSplitter 2.0 ransomware uses two propagation vectors. The win-locker is often spread through spam emails. The furtive program hides behind attached files. The host can be a document, a zipped folder, an archive, an image or a concealed executable. The spammer can use a macro or a script to facilitate the process of downloading and installing the win-locker. Opening the host will prompt the task of transferring the secluded program to your machine. We advise you to be cautious about your emails. Make sure a given message is reliable before following instructions from it. The contacts the sender has provided should match the coordinates of the entity he claims to be representing. In many cases, spammers write on behalf of existing organizations to lead users astray.
The other distribution technique CyberSplitter 2.0 ransomware utilizes is drive-by installations. This method depends on corrupted websites and compromised links as the host for the win-locker. All the user has to do to allow the clandestine program into his machine is to open the infected web page. In order to keep your system safe, you have to filter malicious domains. Do your research on unknown websites. Before following a link, make sure it has been provided by a reliable person. Keep in mind that hackers can break into users’ web accounts and send messages on their behalf. If you receive an unexpected message with a link included, you should contact the person to make sure it is legitimate.
The win-locker targets pictures, videos and documents. A voice message, played by a .vbs file, states the targeted file types. To be more precise, CyberSplitter 2.0 ransomware encrypts 95 formats. The win-locker appends the suffix .CyberSpLiTTer Vbs to the names of the encrypted objects. It drops a picture titled cybersplitter in every folder which contains infected files. The rogue program makes its intentions known through a ransom note. The file is titled Read@My.html. The win-locker loads the code of the file into the default internet browser. The message explains what has occurred.
This variant of CyberSplitter 2.0 ransomware asks for a payment of 0.5 bitcoins. This is half as much as the earlier versions of CyberSplitter 2.0 ransomware demanded. The cyber criminals have reduced the amount of the ransom. 0.5 BTC converts to about $453.99 USD. This is a high amount in its own right. People can contact the developers of CyberSplitter 2.0 ransomware per email. Their account is firstname.lastname@example.org. There is a limited amount of time to redeem your files. CyberSplitter 2.0 ransomware gives 76 hours to complete the payment. We do not advise users to meet the demands of the hackers. There is no guarantee that they will complete their end of the deal.
The authors of CyberSplitter 2.0 ransomware have selected a payment method which protects their identity. Bitcoins are a cryptocurrency, often used in online transactions. This payment method is the most safe because it protects the identity of the recipient. The cyber thieves behind CyberSplitter 2.0 ransomware can collect the payment without risking to be tracked down. Bitcoin accounts do not list information about their proprietors. The withdrawals are not traced to the financial accounts they are transferred to.
CyberSplitter 2.0 ransomware was discovered recently. Malware experts have not been able to crack the win-locker yet. While coders are working to develop a custom decrypter for the sinister program, people can try to perform a decryption using an alternative method. Note that the first step to solving the problem is to uninstall CyberSplitter 2.0 ransomware from your computer. Then you can try the methods listed below.
CyberSplitter 2.0 Ransomware Removal
Method 1: Restore your encrypted files using ShadowExplorer
Usually, CyberSplitter 2.0 Ransomwaredeletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose at least a month ago date from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next“
- Choose a restore point, at least a month ago
- Click “Next“
- Choose Disk C: (should be selected by default)
- Click “Next“. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since CyberSplitter 2.0 Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs: