The AllCiphered ransomware is a dangerous cyber threat that belongs to the MedusaLocker ransomware family. This type of malware is notorious for encrypting victims’ files and demanding a ransom for their decryption. If you find yourself facing this attack, it’s crucial to understand how it works, how to remove it, and how to prevent future infections.
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with Spyhunter
Download Spyhunter now, and scan your computer for this and other cybersecurity threats for free now!
What is AllCiphered Ransomware?
AllCiphered is a form of ransomware that encrypts files on a victim’s computer and appends the .allciphered70 extension (the number may vary depending on the ransomware variant) to each affected file. For example, a file named 1.jpg could be renamed to 1.jpg.allciphered70, and similarly for other files such as documents, images, and videos. This encryption makes the files inaccessible unless a ransom is paid to the attackers, who claim they will provide the decryption key.
After encryption, AllCiphered generates a ransom note titled How_to_back_files.html. This note informs victims that their files have been encrypted using strong cryptographic algorithms (RSA and AES) and warns them not to attempt to restore the files with third-party software, as doing so could permanently damage the files. The ransom demand also states that the attackers have exfiltrated confidential data from the compromised system and threaten to leak or sell this data unless the ransom is paid.
The Ransom Note
The ransom note contains the following key points:
- Personal Identification: A unique identifier is provided to the victim.
- Encryption Details: The files have been encrypted with RSA and AES cryptographic algorithms, which are extremely difficult to crack without the attackers’ decryption tool.
- Ransom Demand: The attackers demand payment, typically in cryptocurrency, in exchange for the decryption key.
- Threats of Data Leak: The attackers claim to have stolen personal or confidential data and threaten to release or sell it if the ransom is not paid.
- Free Decryption Test: The attackers offer to decrypt a few sample files to prove they can restore the data, but this is just a ploy to build trust before the ransom is paid.
The email addresses associated with the ransomware’s perpetrators are help@jexu.org and help@aminyx.com.
Text presented in the ransom note:
YOUR PERSONAL ID:
–
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
email:
help@jexu.org
help@aminyx.com
* To contact us, create a new free email account on the site: protonmail.com
IF YOU DON’T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
How Does AllCiphered Ransomware Infect Computers?
Ransomware like AllCiphered is primarily spread through various malicious methods, including:
- Phishing Emails: Malicious email attachments containing macros or disguised as legitimate documents (e.g., invoices, reports, etc.) can be used to deliver the ransomware.
- Torrent Websites: Downloading files or software from untrusted sources can result in malware infections.
- Malicious Ads: Malvertising or deceptive ads may lead to drive-by downloads of ransomware.
- Software Cracks: Downloading cracked software or tools from unofficial sources often comes with hidden malware.
Additionally, ransomware can spread via local networks and removable storage devices, such as USB drives, making it even more dangerous.
Symptoms of AllCiphered Ransomware Infection
Victims of AllCiphered ransomware will notice the following symptoms:
- File Inaccessibility: Files that were previously accessible will no longer open. They will have a new extension (e.g.,
.allciphered70), making them unreadable. - Ransom Note: A ransom note (named
How_to_back_files.html) will appear on the victim’s desktop, outlining the ransom demand and the threat of data exposure. - Slow Performance: The encryption process can slow down the system as files are being locked.
How to Remove AllCiphered Ransomware
If your computer is infected with AllCiphered ransomware, the first priority is to remove the malware to prevent further damage. Here’s a step-by-step guide on how to remove AllCiphered ransomware using SpyHunter, a trusted anti-malware tool.
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with Spyhunter
Download Spyhunter now, and scan your computer for this and other cybersecurity threats for free now!
Step 1: Disconnect from the Internet
Disconnect your device from the internet to prevent the ransomware from communicating with its command-and-control server.
Step 2: Boot into Safe Mode
- Restart your computer.
- As it boots, press
F8(or the appropriate key for your system) to enter Safe Mode. - Select “Safe Mode with Networking” to disable non-essential programs and prevent ransomware from running.
Step 3: Install SpyHunter
- Download SpyHunter from a trusted website (you can use a clean computer to download the installer and transfer it via USB).
- Install SpyHunter on the affected computer.
Step 4: Scan for Malware
- Open SpyHunter and run a full system scan to detect AllCiphered and any other potential threats.
- Allow the software to complete the scan and remove any detected malware.
Step 5: Recover Your Files
- After removing the malware, attempt to recover your files from a backup (if available).
- If no backup exists, unfortunately, decryption without the attacker’s tool is generally not possible. Avoid using third-party tools, as they may corrupt the files.
Preventive Measures to Avoid Future Infections
To protect your system from ransomware like AllCiphered in the future, implement the following preventive measures:
- Use a Reputable Antivirus/Anti-Malware Program: Ensure that you have a reliable antivirus program, such as SpyHunter, running on your system at all times.
- Keep Your Software Updated: Regularly update your operating system, browser, and other software to patch security vulnerabilities.
- Backup Your Data Regularly: Maintain frequent backups of important files in multiple locations (external hard drives, cloud storage, etc.).
- Be Cautious with Email Attachments: Avoid opening email attachments from unknown senders. Always verify the legitimacy of the sender before downloading any files.
- Avoid Suspicious Websites: Do not visit untrusted or suspicious websites, especially when downloading files or software.
- Enable a Firewall: Use a firewall to block unauthorized access to your network and to monitor for suspicious activity.
- Educate Your Employees (If Applicable): Train your employees on recognizing phishing emails and safe internet practices to prevent infections.
Conclusion
AllCiphered ransomware is a highly dangerous threat that encrypts files and demands payment for decryption. As with all ransomware attacks, it is important to avoid paying the ransom, as there’s no guarantee the attackers will fulfill their promise. The best course of action is to remove the ransomware using reliable anti-malware software like SpyHunter and recover your files from a backup.
By staying vigilant and implementing strong security practices, you can protect yourself from future ransomware attacks.
