Cyber Police Ransomware

The Cyber Police ransomware has been making headway on ransomware information channels. It was discovered by Lawrence Abrams and is based on an older ransomware project called HiddenTears.

Cyber Police Ransomware usually targets personal computers and servers rather than organizations.

The attackers’ idea is to pose as a type of cybercrime fighting unit called “Cyber Police.” To break into the victim’s environment, the operators use Trojans and fake software update tools, but the most common vector is still spam e-mail campaigns.

Once they have access to the environment, the attackers take advantage of system vulnerabilities to encrypt the machine’s data using AES encryption. All infected files are renamed with the .locked extension, which makes them completely inaccessible without the decryption key.

After encryption, the Cyber Police ransomware changes the desktop wallpaper and then creates a “READ_IT.txt” file.

This is the step where the impersonation of a cybercrime fighting unit comes in. The message used in the wallpaper and text file states that the system has been locked down due to the use of unauthorized software and that the files have been encrypted.

Furthermore, it states that a special decryption key is needed to restore the files. To obtain this key the victim would have to pay a $100 fine in Bitcoin.

Unfortunately, this new tactic seems to be quite effective, as many victims, believing the message to be genuine, have paid the said “fine”.

However, it is now possible to recover the data without paying any fine or ransom and without needing a decryption key.
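For triage, the indicators described above (the .locked extension and the READ_IT.txt note) can be swept for on a mounted copy of the affected disk. The following Python sketch is an added example, not code from this article or from Digital Recovery; the entropy threshold, the sample size and the function names are assumptions, and the files in `demo()` are constructed.

```python
import math
import os
import tempfile
from collections import Counter

LOCKED_EXT = ".locked"      # extension named in the article
NOTE_NAME = "READ_IT.txt"   # ransom note file name named in the article
ENTROPY_THRESHOLD = 7.5     # assumption: bits/byte above this looks like ciphertext
SAMPLE_BYTES = 65536        # assumption: sample only the first 64 KiB of each file

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage(root: str) -> dict:
    """Walk root and sort the article's indicators into three buckets."""
    report = {"notes": [], "encrypted": [], "renamed_only": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
            elif name.lower().endswith(LOCKED_EXT):
                try:
                    with open(path, "rb") as fh:
                        sample = fh.read(SAMPLE_BYTES)
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
                high = shannon_entropy(sample) >= ENTROPY_THRESHOLD
                report["encrypted" if high else "renamed_only"].append(path)
    return report

def demo() -> dict:
    """Constructed sample tree: random-content file, plain-text file, one note."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "report.docx.locked"), "wb") as fh:
            fh.write(os.urandom(SAMPLE_BYTES))  # stands in for AES output
        with open(os.path.join(root, "notes.txt.locked"), "wb") as fh:
            fh.write(b"plain text that was only renamed\n" * 200)
        with open(os.path.join(root, NOTE_NAME), "w") as fh:
            fh.write("constructed placeholder note\n")
        result = triage(root)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in result.items()}

if __name__ == "__main__":
    print(demo())
```

Files of only a few kilobytes cannot reach the threshold even when encrypted, so entries under `renamed_only` need a manual look rather than being treated as clean.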

Recover files encrypted by Cyber Police ransomware

For over 23 years, Digital Recovery has been helping businesses recover their data. We have accumulated a wealth of knowledge over the years, which has allowed us to become one of the leading ransomware recovery companies.

Our professionals have created innovative and incredibly successful solutions. Today, virtually any infected storage device, including servers, databases, virtual machines, RAID systems and more, can be recovered.

Because Digital Recovery recognizes how crucial data preservation is, we have created a tailored Confidentiality Agreement (NDA) for the situation.

We create unique technologies that speed up the procedure and improve the results to give you a better experience with our services. These solutions are often performed remotely.

Talk to one of our experts and ask for a diagnosis right now.
