
CIA Special Agent Scam

Also Known As: CIA Special Agent virus
Damage level: Severe

What is "CIA Special Agent"?

"CIA Special Agent" is a screen-locking virus discovered by Pieter Arntz. The cyber criminals responsible for developing "CIA Special Agent" have previously released two other similar viruses: 1) Your Windows Has Been Banned, and 2) M4N1F3STO.

"CIA Special Agent" malware infiltrates the system and locks the computer screen. The displayed pop-up contains a ransom-demand message.


The message states that files have been encrypted and that they can only be restored using a unique decryption key. This key is supposedly stored on a remote server controlled by cyber criminals. Thus, victims must pay a ransom equivalent to $100 in Bitcoins. If payment is not submitted within five days, the price increases to $250, and then $500.

Victims are also warned that closing the pop-up and removing the "CIA Special Agent" malware will make it impossible to restore encrypted files. Despite these threats, never attempt to contact these people or pay any ransom.

Research shows that cyber criminals often ignore victims even after payment is submitted, so there is a high probability that paying will not deliver any positive result - you will simply be scammed. By paying, you will merely support cyber criminals' malicious businesses.

Fortunately, Siri Kropac analyzed the M4N1F3STO executable and retrieved an unlock code, which also works for "CIA Special Agent" malware (twitter post). Therefore, there is no need to pay any ransom. If, however, you are infected with ransomware that is impossible to decrypt/remove, restore your files/system from a backup.

The Internet is full of ransomware-type viruses that encrypt files (although "CIA Special Agent" does not perform any encryption, it has similar characteristics). Examples include PayDay, Sage, RenLocker, ASN1, and many others. There are only two major differences between these viruses: 1) cost of decryption, and 2) encryption algorithm (symmetric/asymmetric).

Cyber criminals often spread these viruses via spam emails (infectious attachments), peer-to-peer (P2P) networks and other third party download sources (freeware download websites, free file hosting websites, etc.), fake software update tools, and trojans.

For this reason, you should never open files received from suspicious emails or download software from unofficial sources. Furthermore, cyber criminals are capable of exploiting software bugs/flaws to infect the system. Therefore, keep your installed applications up-to-date and never use third party update tools. Using a legitimate anti-virus/anti-spyware suite is also essential.

"CIA Special Agent" error message:

IMPORTANT! PLEASE READ!
Unfortunately the files on this computer (documents, photos, videos) have been encrypted using an extremely secure and unbreakable algorithm. This means that the files are now useless they are decrypted using a key.
The good news is that your files are not lost forever! This tool is able to rescue the files on your computer for you! BY PURCHASING A LICENSE FROM US, WE ARE ABLE TO RESCUE YOUR FILES 100% GUARANTEED FOR EVERY LOW EARLY BIRD PRICE OF ONLY $100 USD!* In 5 days however, the price of this service will increase to $250 USD, and after $500 USD.
Payment is accepted in Bitcoin only. You can purchase Bitcoin very easily in your area by bank transfer, Western Union, or even cash. Visit www.localbitcoins.com to find a seller in your area. You can also google Bitcoin Exchanges to find other methods for buy-in Bitcoin.
Please check the current price of Bitcoin and ensure your are sending the correct amount before your payment! Visit www.bitcoinaverage.com for the current Bitcoin price.
After making your payment, please wait up to 24 hours for us to make your key available. Usually done in much less time however.
IMPORTANT: Once the key is available and you click”Decrypt Files:. please wait and let the decryption process completely before closing this tool. This Process can take from 15 minutes to 2+ hours depending on how many files need to be decrypted. You will get a notification that the decryption process is complete, at which time your can click “Exit”. Removing this tool from your computer without first decrypting your files will cause your files to be lost forever.


"CIA Special Agent" virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.


Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".

Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking Prompt.


Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu, click "Restart" while holding the "Shift" key on your keyboard. In the "choose an option" window, click "Troubleshoot", then select "Advanced options". In the advanced options menu, select "Startup Settings" and click the "Restart" button.

In the following window, press the "F5" key on your keyboard. This will restart your operating system in Safe Mode with Networking.


Step 2

Log in to the account infected with the "CIA Special Agent" virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.


1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.


2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.


3. Next, type this line: rstrui.exe and press ENTER.


4. In the opened window, click "Next".


5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the "CIA Special Agent" virus infiltrating your PC).


6. In the opened window, click "Yes".


7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the "CIA Special Agent" virus.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk.

Some viruses disable Safe Mode, making their removal complicated. For this step, you need access to another computer. After removing the "CIA Special Agent" virus from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any possible remnants of this security infection.


About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.
