h mohamad

Cerber ransomware, how can I decrypt my files?
« on: January 31, 2017, 08:22:19 pm »
Dear Sir /Madam,

Unfortunately, two weeks ago my laptop was infected by Cerber ransomware and
all of my files on each drive except C: were encrypted. I tried to fix it
with Ransomware File Decryptor, but it didn't work.
I got my ID of the Cerber ransomware, which is version 4 or 5, and the file format is 85A2. Please kindly help me and inform me how I can decrypt my files.

I look forward to hearing from you as soon as possible.

Best Regards

never

  • Network Administrator and Malware Researcher
Re: Cerber ransomware, how can I decrypt my files?
« Reply #1 on: February 07, 2017, 03:48:28 pm »
Hello, h mohammad


Unfortunately, at the moment there is no free decryption available. My question to you is: did you reinstall your Windows after the infection, or did you remove it using anti-malware or other software?

h mohamad

Re: Cerber ransomware, how can I decrypt my files?
« Reply #2 on: February 11, 2017, 08:01:39 am »
I didn't reinstall Windows, but I used antivirus software (Malwarebytes Anti-Malware) and I'm not sure it removed this virus... Please let me know, can I decrypt my files? :(

never

  • Network Administrator and Malware Researcher
Re: Cerber ransomware, how can I decrypt my files?
« Reply #3 on: February 14, 2017, 04:40:21 pm »
Hello, you can try a boot scan with Avast antivirus. It's for free. Simply download Avast and click on the magnifier icon after installing it. From there choose Boot Scan. If it's not available, look for Startup Scan. If this too is not available, locate Full Scan and initiate it. It includes boot time scan. This will restart your computer and scan it before it has booted any type of software and make sure you have removed the virus.

Another thing you can do to restore your files if they have been encrypted by this virus is look for step "2. Restore files encrypted by Cerber" in the article from the link below:

http://sensorstechforum.com/updated-cerber-ransomware-_readme_-hta-remove-restore-encrypted-files/

h mohamad

Re: Cerber ransomware, how can I decrypt my files?
« Reply #4 on: February 20, 2017, 05:12:10 pm »
Thank you so much for your guidance and advice. I tried to fix it with TeslacryptDecryptor 1.0.1569 MUI and Emsisoft Decryptor and also Stellar Phoenix Data Recovery Technicians License, but unfortunately they didn't work. However, I tried Data Recovery Pro by Pareto Logic; for some extensions (.jpg) it worked, but my important files (PDF, Word and Excel) couldn't be recognized. Actually, I'm a student and I can't pay money for the ransom or to buy this software. Please kindly give me other advice on how I can decrypt my files... Thank you for your time and consideration...

never

  • Network Administrator and Malware Researcher
Re: Cerber ransomware, how can I decrypt my files?
« Reply #5 on: February 22, 2017, 10:00:15 am »
Hello, buddy.

There is one thing you can do, but it is purely theoretical. If you haven't removed the virus, you can try sniffing out the traffic from the infection file to hopefully find the decryption key while it is being sent to cyber-criminals. Here is more info on this:

http://sensorstechforum.com/find-decryption-key-files-encrypted-ransomware/

The downside of this method is that you have to be infected with Cerber and know how to sniff network traffic. Another downside is that the traffic is usually encoded in another format and even if there is a key, the cyber-criminals may have thought about obfuscating that as well.

Another method that you can attempt is to try absolutely every single decryptor. But to do this you have to copy the encrypted files to a flash drive, for example, and test decryption tools only on copied files, because they may break the files indefinitely in case you are attempting to tamper with their structure (like a trap). Here are some free decryption tools and do not use them on the original files, please:

http://support.kaspersky.com/viruses/utility

https://decrypter.emsisoft.com/

There is also another option, but I am not sure that it can work. If you know what System Restore is and if you have set restore points at an earlier time on your computer, you could attempt to restore it back to before the infection, but bear in mind that everything you have done after the infection may disappear, so back it up. Technically, System Restore only restores certain aspects of your PC, but not all of it. I am not sure, but if your files are encrypted, they theoretically have modified settings on them. If System Restore brings back the old configuration and settings before the encryption (if you have set a restore point), you may succeed in restoring some documents. Here is full info on System Restore thanks to howtogeek.com:

https://www.howtogeek.com/howto/windows-vista/using-windows-vista-system-restore/

Other than that, our team is actively researching a universal solution against this problem besides backup, and we are yet to find one.

By the way, in the future, if you see malicious e-mails please check the attachments before opening them online. Here is one website that can help you with that:

ZipeZip.com

Before you open an attachment next time, simply upload it on this site. If it detects a virus, do not open the attachment. This is a very good and free way to protect yourself, but you have to make it your habit.

Best Regards and best of luck,

"never"
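
The advice in Reply #5 to test decryption tools only on copies, as an added example that is not part of the original post: it copies the encrypted files to a working folder (for instance a flash drive), verifies each copy by SHA-256, and can later report which copies a tool altered and confirm the originals are untouched. The function names are hypothetical, writing the thread's "85A2" as the suffix `.85a2` is an assumption, and the sample files are constructed.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def stage_copies(source_dir, work_dir, extension):
    """Copy files with `extension` into work_dir, verify each copy by SHA-256,
    and return a manifest {relative path: hash of the original}."""
    source_dir, work_dir = Path(source_dir).resolve(), Path(work_dir).resolve()
    work_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in sorted(source_dir.rglob("*")):
        if work_dir in src.parents:  # never re-copy our own copies
            continue
        if not src.is_file() or src.suffix.lower() != extension.lower():
            continue
        rel = src.relative_to(source_dir)
        dst = work_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        original_hash = sha256_file(src)
        shutil.copy2(src, dst)
        if sha256_file(dst) != original_hash:
            raise OSError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = original_hash
    (work_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def changed_files(root, manifest):
    """List manifest entries under root that are missing or no longer match."""
    root = Path(root)
    return [rel for rel, expected in manifest.items()
            if not (root / rel).is_file() or sha256_file(root / rel) != expected]

if __name__ == "__main__":
    # Constructed sample data: a fake "encrypted" file in a temporary folder.
    with tempfile.TemporaryDirectory() as tmp:
        drive, usb = Path(tmp) / "drive", Path(tmp) / "usb"
        drive.mkdir()
        (drive / "thesis.85a2").write_bytes(b"constructed ciphertext")
        manifest = stage_copies(drive, usb, ".85a2")
        (usb / "thesis.85a2").write_bytes(b"output of a test tool")  # simulated tool run
        print("copies changed by the tool:", changed_files(usb, manifest))
        print("originals changed:", changed_files(drive, manifest))
```

Run `changed_files` against the original folder after each tool to confirm nothing there was modified, and against the working folder to see which copies the tool rewrote.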