CyberSplitter 2.0 Ransomware Removal Guide

How to Remove CyberSplitter 2.0 Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

Your files have been encrypted
Send $1 BTC amount of the account is
decrypted your files
“Cyber SpLiTTer Vbs”
Send to account Bitcoin
[34 random characters]


Hackers don’t give up. Even if their first attempt to create a dangerous infection fails, crooks try again. However, it’s hard to appreciate their persistence in this case. The CyberSplitter 2.0 Ransomware is a new variant of Cyber SpLiTTer Vbs. Unlike the original virus, this one actually succeeds in encrypting your files. You see, Cyber SpLiTTer Vbs managed to lock your PC screen but that was all. Its successor is much more problematic. That means you’ve fallen victim to one specifically harmful cyber infection. Ransomware programs in general are dreaded. Do you know why? Take your time to check out our article. Here you will find all the information you need about the virus. You must know what you’re up against, right? Ransomware is no threat to be taken lightly. Hence, there is a reason why most PC users cringe at the mention of its name. Furthermore, file-encrypting infections are on the rise right now. These programs allow crooks to gain easy revenue by blackmailing gullible people. Needless to say, hackers would never miss such a golden opportunity to cause damage. However, if you take adequate measures ASAP, there’s nothing to be worried about. The CyberSplitter 2.0 Virus follows the classic ransomware pattern. It gets activated as soon as it gets installed. As you could imagine, the installation itself happens completely behind your back. This pest then starts scanning your device. By doing so, CyberSplitter 2.0 locates all your private data. Yes, all of it. We’re talking pictures, videos, music, MS Office documents, presentations, etc. Ransomware doesn’t discriminate. After it finds your personal data, the parasite starts encryption. According to researchers, the algorithm used is AES-128. Thanks to this strong cipher, your information is now turned into gibberish. How can you tell whether your files are locked? If you see the .cyber splitter vbs extension added to them, it’s game over. This is a crystal clear indication your data is modified. Furthermore, the parasite is holding it hostage in attempts to scam you. Ransomware is nothing but a cyber fraud so you cannot afford any mistakes. While locking your information, CyberSplitter 2.0 creates Read_Me.txt files. Those are your ransom notes. You will find hackers’ instructions in all folders that contain encrypted data. In addition, your desktop wallpaper is changed too. As a result, you now see the ransom messages all the time. According to the notes, you need to make a payment. Cyber criminals demand 1 Bitcoin. That equals 960 USD at the moment. From now on, it’s very simple. If you pay the ransom, you get scammed.

How did I get infected with?

The most plausible explanation is that CyberSplitter 2.0 was sent to your inbox. As we mentioned, ransomware doesn’t rely on your active cooperation. It uses your distraction instead. For instance, hackers often attach the virus to some corrupted, fake email. All you have to do is open it. Voila. You end up downloading a nasty infection on your own computer. Keep in mind those emails appear to be perfectly harmless. They might be disguised as job applications or emails from a shipping company. The goal is to trick you into clicking them open. To prevent infiltration, delete emails/messages from unknown senders. Prevention is indeed the easier option. Stay away from illegitimate torrents, websites and software bundles. We would also recommend that you avoid third-party pop-ups. Ransomware might get spread online via exploit kits as well. Last but not least, it might use the help of a Trojan horse. Check out your device for more infections.

remove CyberSplitter 2.0

Why is CyberSplitter 2.0 dangerous?

The CyberSplitter 2.0 Virus is extremely virulent and aggressive. It goes without saying that it must be uninstalled on the spot. However, you should also keep in mind the parasite lies to your face. All of its instructions only have one purpose – to make you pay a ransom. Remember, hackers lock your files just so they could demand Bitcoins. In exchange for your money, crooks promise a special decryptor. Eventually, you’re supposed to unlock your inaccessible data. The only problem is that you would be making a deal with greedy cyber criminals. As you can tell, they are focused on gaining revenue. Freeing your files was never part of the picture so paying the ransom guarantees you nothing. Don’t be gullible to think hackers would keep their end of the bargain. They will provide no decryption key even if you pay. Therefore, don’t pay. Tackle the virus and uninstall it for good instead. To do so manually, please follow our detailed removal guide down below.

CyberSplitter 2.0 Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover CyberSplitter 2.0 Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with CyberSplitter 2.0 encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate CyberSplitter 2.0 encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment