Become a fighter against malware and join the forum at SensorsTech!  The SensorsTech’s forum is the place where you can solve your PC issues and educate yourself about malware. You are welcome to discuss various security topics with our professional team and other users like you! To unlock all features of the forums, you have to create an account. Otherwise, you can only browse the topics without taking part in the discussions. To leave a comment or ask your questions, read our Registration Agreement and create your free account here.


*

never

  • *****
  • 119
  • +23/-0
  • Network Administrator and Malware Researcher
      • View Profile
  • Publish
  • A new Cerber ransomware has been reported to roam around and encrypt user files left and right. It is reported by researchers to use .CERBER file extension after encrypting the files with a strong AES-256 encryption algorhithm. So far there is no known method to directly decrypt file encrypted by this ransomware, so we advise you not to bother sending any files for decryption. Instead we advise you to follow the file restoration manual in the removal article about Cerber ransomware where you can also find more information about the ransomware. We have suggested several file restoring alternatives and we hope this helps!

    N.B. This is an open forum topic. Here you may subscribe and wait for updates (if a decryption has been found), suggest ideas on how to remove and restore files and also provide your experience with Cerber. We will try to help the best way we can.
    Guilty is the love of The Sin.

    *

    Maykee092985

    • *
    • 1
    • +0/-0
        • View Profile
  • Publish
  • Re: Cerber Ransomware and .Cerber Encrypted Files - How To Restore Them?
    « Reply #1 on: March 27, 2016, 08:19:04 pm »
    hi everyone,

    my PC got infected by .cerber all of my files / folders got infected i dont have any idea how to restore my files all of my important personal and work files are there.
    #DECRYPT MY FILES #.html and #DECRYPT MY FILES #.txt and #DECRYPT MY FILES #.vbs are all saved on my folders Kindly help me how to restore my files. been reading some blogs but to no avail :( :(

    *

    jerry1972

    • *
    • 2
    • +0/-0
        • View Profile
  • Publish
  • Re: Cerber Ransomware and .Cerber Encrypted Files - How To Restore Them?
    « Reply #2 on: April 11, 2016, 09:34:40 am »
    Hi All,

    Unfortunately, I also became the victim yesterday. All of my files are encrypted as .cerber files. The first thing I shall do is purchase SpyHunter to remove all of malwares? Thanks.

    -Jerry

    *

    Execute

    • *****
    • 203
    • +38/-0
    • Your friendly neighbourhood IT guy
        • View Profile
  • Publish
  • Re: Cerber Ransomware and .Cerber Encrypted Files - How To Restore Them?
    « Reply #3 on: April 11, 2016, 03:17:42 pm »
    Hi All,

    Unfortunately, I also became the victim yesterday. All of my files are encrypted as .cerber files. The first thing I shall do is purchase SpyHunter to remove all of malwares? Thanks.

    -Jerry

    Hello, Jerry.

    Purchasing an anti-malware tool like SpyHunter will not decrypt your files, or return them to normal.
    But it will stop the malware in your PC from continuing its activity and can protect you from future threats.
    Unfortunately, there is still no 100% working method for the decryption of files.
    There is no place like 127.0.0.1

    *

    jerry1972

    • *
    • 2
    • +0/-0
        • View Profile
  • Publish
  • Re: Cerber Ransomware and .Cerber Encrypted Files - How To Restore Them?
    « Reply #4 on: April 11, 2016, 06:14:40 pm »
    Hi All,

    Unfortunately, I also became the victim yesterday. All of my files are encrypted as .cerber files. The first thing I shall do is purchase SpyHunter to remove all of malwares? Thanks.

    -Jerry

    Hello, Jerry.

    Purchasing an anti-malware tool like SpyHunter will not decrypt your files, or return them to normal.
    But it will stop the malware in your PC from continuing its activity and can protect you from future threats.
    Unfortunately, there is still no 100% working method for the decryption of files.

    Hi,
    Regarding restoring the files, at this moment I shall try 'Shadow Explorer' first, and then 'Kaspersky Decryptors', and 'data recovery software' finally?? Is there any side-effect by using any of those methods? Is it possible to make things worse by doing so?

    Thanks.
    Jerry

    *

    Execute

    • *****
    • 203
    • +38/-0
    • Your friendly neighbourhood IT guy
        • View Profile
  • Publish
  • Re: Cerber Ransomware and .Cerber Encrypted Files - How To Restore Them?
    « Reply #5 on: April 11, 2016, 07:34:31 pm »
    @Jerry1972, try everything you can!

    1.) If you have stopped the ransomware in its initial phases and you have Shadow Explorer turned on - you might have Shadow Volume copies that will still be there and work.

    N.B.! A side effect I can think of is if you already removed the malware from your PC and you select a date when the ransomware was already on your PC. That way, you can get the ransomware back and it might encrypt more stuff.

    2.) The Kaspersky decryptors look for a decryption key and files currently on your PC. No side effect - you either find a password and decrypt your files, or the decryptor gives you a message that no password is found.

    3.) Data Recovery Software tries to recover specific deleted files, unlike Shadow Exlorer returning files as a whole. I hope you haven't formatted any disk drives after the infection - not only that won't remove the malware completely, but it will prevent Recovery software to work, as the information from deleted files will be overwritten.

    No side effects - you see if you restored any files - you choose what to restore - pictures, documents and precisely which files - if you see something named .cerber - don't restore it.

    Conclusion: The 3 methods are different and it wouldn't hurt to try them all. It doesn't matter if you do them all or not. Doesn't matter in what order you do them. Just try doing only one method at a time. Because, the decryptors, for example, would need as much as computer resources as they can get.
    There is no place like 127.0.0.1

    *

    never

    • *****
    • 119
    • +23/-0
    • Network Administrator and Malware Researcher
        • View Profile
  • Publish
  • Re: Cerber Ransomware and .Cerber Encrypted Files - How To Restore Them?
    « Reply #6 on: August 10, 2016, 11:30:16 am »
    Hello,

    We have created instructions on how to decrypt your files via TrendMicro's latest decryptor for free. This is working only with the 1st variant of Cerber Ransomware.

    Instructions are available on this web link:

    http://sensorstechforum.com/decrypt-encrypted-files-cerber-ransomware/

    Make sure to leave a comment if you have any questions. We will make sure to respond as soon as possible.
    Guilty is the love of The Sin.

     


    Facebook Comments