.cerber3 Virus Files: Can I Restore Them?

The Cerber3 ransomware virus is already a fact, as reported in several tweets by security researchers. The crypto virus is most likely appending the .cerber3 extension to victims’ encrypted files. The ransom note is titled # HELP DECRYPT #.txt. Not too long ago, the Cerber2 virus was reported to target and encrypt at least 50 file types, giving the victim 5 days to pay a ransom of $175 in Bitcoin. If the victim misses the deadline, the amount is said to double. It’s still not known if Cerber3 continues the “tradition” established by its predecessor Cerber2, but we will provide new information as soon as it is available.
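An added example, not part of the original article: a read-only triage script that inventories a directory tree for the two indicators reported above (the .cerber3 extension and the # HELP DECRYPT #.txt note), to scope the damage before cleanup or restore. The sample tree and file names built in demo() are constructed, and the first-seen time assumes the malware did not reset file timestamps.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Indicators taken from this article; matching is case-insensitive.
ENCRYPTED_EXT = ".cerber3"
RANSOM_NOTE = "# help decrypt #.txt"


def triage(root):
    """Walk `root` and summarise files matching the article's two indicators."""
    encrypted, notes, per_dir = [], [], Counter()
    earliest = None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or vanished; already counted above
                if earliest is None or mtime < earliest:
                    earliest = mtime
    return {
        "encrypted": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "per_directory": dict(per_dir),
        # Assumption: oldest mtime approximates when encryption started.
        "first_seen_utc": (datetime.fromtimestamp(earliest, timezone.utc)
                           if earliest is not None else None),
    }


def demo():
    """Build a constructed sample tree (empty placeholder files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("a1B2c3.cerber3", "report.docx", "# HELP DECRYPT #.txt"):
            open(os.path.join(docs, name), "w").close()
        open(os.path.join(root, "X9.CERBER3"), "w").close()
        return triage(root)
```

Run triage() against a mounted copy or a read-only share where possible, so the scan itself does not alter timestamps on the affected volume.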


Cerber3 Virus Campaign – How Did It Start?

Cerber2 is still active in the wild, but cyber criminals are expected to terminate the operation and delete the encrypted files of victims who haven’t paid the ransom.

The Cerber virus is also part of the ransomware-as-a-service scheme, which means that somebody may have bought and updated its code, hence the emergence of Cerber3. An extensive report by security firm CheckPoint indicates that Cerber is definitely a quickly evolving RaaS operation. The highly profitable business of ransomware is no longer reserved only for skilled attackers who can write sophisticated encryption schemes and establish a steady infrastructure, researchers say. Particularly with Cerber3, non-professional cyber criminals may have connected with developers in closed forums. This is how the attackers could have obtained an undetected ransomware variant, and it may be how the Cerber3 version emerged.

Researchers also report that Cerber affiliates currently operate 161 active campaigns, infecting 150,000 victims. The profit of the operation is said to be $195,000 for July 2016 alone. The worst part is that each campaign runs separately and uses a different distribution method and a unique packer. According to CheckPoint, the most notable campaign primarily targets users in China and South Korea (Republic of Korea) and deploys the Magnitude Exploit Kit. Exploit kits have proven to be the best way to distribute ransomware. Cerber3 may currently be sold bundled with an exploit kit, be it Magnitude or some other, which means that the attack level may quickly reach a new high.

[CheckPoint] first discovered Cerber’s ecosystem thanks to an advertisement published by a threat actor named ‘crbr’ in February 2016, offering potential actors the opportunity to join the Cerber affiliates program. The ad was last edited in June 2016, indicating the ransomware is still available for purchase and that the information is up-to-date. The ad includes an extensive and accurate explanation about the malware itself, the landing pages, the partnership program through which the malware is sold, and the estimated profit.


Here is a translated version of crbr’s ad:

[Image: translated version of crbr’s Cerber RaaS ad, from the CheckPoint report]


Q: Can I Decrypt .cerber3 Virus Files?

A: Bearing in mind that Cerber2’s encryption was quite successful and undecryptable, files encrypted by Cerber3 may also be impossible to decrypt.

However, we have already written a detailed tutorial for victims of Cerber, explaining how to decrypt files encrypted by the Cerber ransomware virus.

Note! Users affected by any version of Cerber are always advised to wait for a decryptor to be released by security professionals instead of funding the cyber-criminals by paying the ransom. The fact that some users have previously paid the ransom, providing a “return on investment” for the criminals, allowed the latter to create Cerber2 and then Cerber3.

Users who are affected by Cerber3 are strongly advised to remove the ransomware from their systems. It is highly recommended to use advanced anti-malware software because the ransomware may delete itself after encryption, but the exploit kit may still be residing on the computer. For maximum effectiveness, we recommend that you use the step-by-step removal below. Alternative file restoration methods are also available in the accordion below.
