.cerber3 Virus Files: Can I Restore Them?

Cerber3 ransomware virus is already a fact, as accountable by several tweets by security researchers. The crypto virus is most likely appending the .cerber3 extension to victims’ encrypted files. The ransom note is titled # HELP DECRYPT #.txt. Not too long ago, the Cerber2 virus was reported to target and encrypt at least 50 file types, giving the victim 5 days to pay the ransom in the size of $175 in Bitcoin. If the victim crosses the given time, the amount is said to double. It’s still not known if Cerber3 continues the “tradition” established by its predecessor Cerber2, but we will provide new information as soon as it is available.

Cerber3 Virus Campaign – How Did It Start?

Cerber2 is still active in the wild but it’s expected for cyber criminals to terminate the operation and delete encrypted files of victims who haven’t paid the ransom.

The Cerber virus is also part of the ransomware-as-a-service scheme, which means that somebody may have bought and updated its code, hence the emergence of Cerber3. A vast report by security firm CheckPoint indicates that Cerber is definitely a quickly evolving RaaS operation. The highly profitable business of ransomware is no longer reserved only for skilled attackers who can write sophisticated encryption schemes and establish a steady infrastructure, researchers say. Particularly with Cerber3, non-professional cyber criminas may have connected with developers in closed forums. This is how the attackers could have obtained an undetected ransomware variant. This may be how the Cerber3 version emerged.

Researchers also report that Cerber affiliates currently operate 161 active campaigns, infecting 150,000 victims. The profit of the operation is said to be $195,000 for July 2016 alone. The worst part is that each campaign runs separately and uses a different distribution method and unique packer. According to CheckPoint, the most notable campaign primarily targets users in China and South Korea (Republic of Korea) and deployed the Magnitude Exploit Kit. Exploit kits have proven to be the best way to distribute ransomware. Cerber3 may be currently sold bundled with an exploit, be it Magnitude or some other, which means that the attack level may quickly reach a new high.

[CheckPoint] first discovered Cerber’s ecosystem thanks to an advertisement published by a threat actor named ‘crbr’ in February 2016, offering potential actors the opportunity to join the Cerber affiliates program. The ad was last edited in June 2016, indicating the ransomware is still available for purchase and that the information is up-to-date. The ad includes an extensive and accurate explanation about the malware itself, the landing pages, the partnership program through which the malware is sold, and the estimated profit.

Here is a translated version of crbr’s ad:

Q: Can I Encrypt .cerber3 Virus Files?

A: Having in mind that Cerber2’s encryption was quite successful and undecryptable, files encrypted by Cerber3 may also be impossible to decrypt.

However, we have already written a detailed tutorial for victims of Cerber, explaining how to decrypt files encrypted by the Cerber ransomware virus.

Note! Users affected by any version of Cerber are always advised to wait for a decryptor to be released by security professionals instead of funding the cyber-criminals through paying the ransom. The reason that some users have previously paid the ransom, hence providing a “return of investment” on the side of the criminals, allowed the latter to create Cerber2 and then Cerber3.

Users who are affected by Cerber3 are strongly advised to remove the ransomware from their systems. It is highly recommended to use an advanced anti-malware software because the ransomware may self-delete itself after encryption, but the exploit kit may still be residing on the computer. For maximum effectiveness, we recommended you to use the step-by-step removal below. Alternative file restoration methods are also available in the accordion below.

Manually delete Cerber3 Virus from your computer

Note! Substantial notification about the Cerber3 Virus threat: Manual removal of Cerber3 Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Cerber3 Virus files and objects

2.Find malicious files created by Cerber3 Virus on your PC

3.Fix registry entries created by Cerber3 Virus on your PC

Automatically remove Cerber3 Virus by downloading an advanced anti-malware program

1. Remove Cerber3 Virus with SpyHunter Anti-Malware Tool

2. Back up your data to secure it against infections and file encryption by Cerber3 Virus in the future

Back up your data to secure it against attacks in the future

IMPORTANT! Before reading the Windows backup instructions, we highly recommend to back up your data automatically with cloud backup and insure it against any type of data loss on your device, even the most severe. We recommend reading more about and downloading SOS Online Backup .

To back up your files via Windows and prevent any future intrusions, follow these instructions:

1. For Windows 7 and earlier

1. For Windows 8, 8.1 and 10

1. Enabling the Windows Defense Feature (Previous Versions)

1-Click on Windows Start Menu

2-Type Backup And Restore
3-Open it and click on Set Up Backup

4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.

5-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.

6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by Cerber3 Virus.

1-Press Windows button + R

2-In the window type ‘filehistory’ and press Enter

3-A File History window will appear. Click on ‘Configure file history settings’

4-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.

5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from Cerber3 Virus.

1- Press Windows button + R keys.

2- A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.

3- A System Properties windows should appear. In it choose System Protection.

5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from Cerber3 Virus is on.

Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.

2-Click on the Previous Versions tab and then mark the last version of the file.

3-Click on Apply and Ok and the file encrypted by Cerber3 Virus should be restored.