Cerber Ransomware help
#1
I have a friend whose computer is infected with Cerber ransomware.

All system and private files have been encrypted and can't be opened.

Many of these files are important.

Any way to get rid of this infection and decrypt the files?

The hacker asked him to pay money to send him the decrypter tool!!!
Reply
#2
(10-02-2016 , 06:02 PM)tarekma7 Wrote: I have a friend whose computer is infected with Cerber ransomware.

All system and private files have been encrypted and can't be opened.

Many of these files are important.

Any way to get rid of this infection and decrypt the files?

The hacker asked him to pay money to send him the decrypter tool!!!

Not sure if any of this will help, but you can try. And if you can get it broken and the computer back up, yes, please put Cryptovent or some anti-ransomware back on the computer.

http://www.pcworld.com/article/2084002/h...mware.html

A little more reading, but if it helps, it will be worth it. And good luck. Let us know if anything helps. We have got to put an end to this.

https://www.theguardian.com/technology/a...-infection
Reply
#3
(10-02-2016 , 06:12 PM)dandav51 Wrote:
(10-02-2016 , 06:02 PM)tarekma7 Wrote: I have a friend whose computer is infected with Cerber ransomware.

All system and private files have been encrypted and can't be opened.

Many of these files are important.

Any way to get rid of this infection and decrypt the files?

The hacker asked him to pay money to send him the decrypter tool!!!

Not sure if any of this will help, but you can try. And if you can get it broken and the computer back up, yes, please put Cryptovent or some anti-ransomware back on the computer.

http://www.pcworld.com/article/2084002/h...mware.html

A little more reading, but if it helps, it will be worth it. And good luck. Let us know if anything helps. We have got to put an end to this.

https://www.theguardian.com/technology/a...-infection

Another quick link from the second link instead of all the reading if you like.

http://www.thewindowsclub.com/list-ranso...ptor-tools

And Good Luck again and keep us informed please.
Reply
#4
https://malwaretips.com/blogs/remove-cerber-virus/
Reply
#5
It is nearly impossible to restore encrypted data... looks to be lost... even if the virus is removed.

Any way to restore the encrypted data other than payment to the hacker?
Reply
#6
(10-02-2016 , 06:33 PM)tarekma7 Wrote: It is nearly impossible to restore encrypted data... looks to be lost... even if the virus is removed.

Any way to restore the encrypted data other than payment to the hacker?

Not at the moment, if none of the above links could help you. It seems you have to pay to get them unlocked or they are gone.
Can you screenshot it, or do you know what ransomware it is?

Everyone needs a great security system and some anti-ransomware on their computer. And please, if you do not need it, disable remote users.
Reply
#7
(10-02-2016 , 06:33 PM)tarekma7 Wrote: It is nearly impossible to restore encrypted data... looks to be lost... even if the virus is removed.

Any way to restore the encrypted data other than payment to the hacker?

Check this out and see if it will work.

http://www.thewindowsclub.com/list-ranso...ptor-tools
Reply
#8
Hi tarekma7, I found this online. I hope this helps your friend fix his computer:

https://success.trendmicro.com/portal_kb...id=1114221

Downloading and Using the Trend Micro Ransomware File Decryptor
Updated: 30 Sep 2016
Product/Version: Antivirus+ Security 2016.All
Platform: Windows 10 32-bit

SUMMARY
This guide provides the instructions and location for downloading and using the latest Trend Micro Ransomware File Decryptor tool to attempt to decrypt files encrypted by certain ransomware families.

As an important reminder, the best protection against ransomware is preventing it from ever reaching your system.  While Trend Micro is constantly working to update our tools, ransomware writers are also constantly changing their methods and tactics, which can make previous versions of tools such as this one obsolete over time.

Customers are strongly encouraged to continue practicing safe security habits:

Make sure you have regular offline or cloud backups of your most important and critical data.
Ensure that you are always applying the latest critical updates and patches to your system OS and other key software (e.g. browsers).
Install the latest versions of and apply best practice configurations of security solutions such as Trend Micro to provide multi-layered security.

Trend Micro customers are encouraged to visit the following sites for more information on ransomware and prevention best practices:

Consumer (Home) customers may visit the following site: Consumer (Home) Customers' Guide on Ransomware: Introduction, Prevention and Trend Micro Security Solutions

Corporate (Business) customers may find additional information and guides here:  Corporate (Business) Customers' Guide on Ransomware: Solutions, Best Practice Configuration and Prevention using Trend Micro products

DETAILS
Supported Ransomware Families

The following list describes the known ransomware-encrypted file types that can be handled by the latest version of the tool.

| Ransomware | File name and extension |
|---|---|
| CryptXXX V1, V2, V3* | {original file name}.crypt, cryp1, crypz, or 5 hexadecimal characters |
| CryptXXX V4, V5 | {MD5 Hash}.5 hexadecimal characters |
| TeslaCrypt V1** | {original file name}.ECC |
| TeslaCrypt V2** | {original file name}.VVV, CCC, ZZZ, AAA, ABC, XYZ |
| TeslaCrypt V3 | {original file name}.XXX or TTT or MP3 or MICRO |
| TeslaCrypt V4 | File name and extension are unchanged |
| SNSLocker | {Original file name}.RSNSLocked |
| AutoLocky | {Original file name}.locky |
| BadBlock | {Original file name} |
| 777 | {Original file name}.777 |
| XORIST | {Original file name}.xorist or random extension |
| XORBAT | {Original file name}.crypted |
| CERBER V1 | {10 random characters}.cerber |
| Stampado | {Original file name}.locked |
| Nemucod | {Original file name}.crypted |
| Chimera | {Original file name}.crypt |
| LECHIFFRE | {Original file name}.LeChiffre |
| MirCop | Lock.{Original file name} |
| Jigsaw | {Original file name}.random extension |
| Globe/Purge | V1: {Original file name}.purge; V2: {Original file name}.{email address + random characters} |
 
* - CryptXXX V3 decryption may not recover the entire file (partial data decryption). Please see the section titled Important Note about Decrypting CryptXXX V3 below.

** - Please use the separate tool TeslacryptDecryptor 1.0.xxxx MUI below for TeslaCrypt V1 and V2 files. Both tools support V3 and V4. 

Obtaining and Executing the Tool(s)

Click the Download button below to obtain the latest version(s) of the Trend Micro Ransomware File Decryptor tool. Decompress (unzip) and then launch either the included RansomwareFileDecryptor or TeslacryptDecryptor exe file.
Download RansomwareFileDecryptor

Download TeslacryptDecryptor

Upon launch, users will be required to accept the End User License Agreement (EULA) to proceed.
After accepting the EULA, the tool will proceed to the main user interface (UI). From here, users will be presented with a step-by-step guide to perform the file decryption.
Anti-Ransomware   Copyright 2016 Trend Micro Incorporated.
Reply
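A file-name triage sketch for the table quoted in post #8, added here as an example (it is not part of the thread or of Trend Micro's tool): it lists every family in the table whose naming pattern fits a given encrypted file, which shows where names alone are ambiguous. The regular expressions are a transcription of the table, the "10 random characters" of CERBER V1 are assumed to contain no dot, and the sample paths are constructed.

```python
import re
from collections import Counter

# Patterns transcribed from the table in post #8. Families whose names the table
# gives as unchanged or random (TeslaCrypt V4, BadBlock, Jigsaw, Globe/Purge V2,
# XORIST with a random extension) cannot be told from a file name and are omitted.
TABLE = [
    ("CryptXXX V1, V2, V3", r".+\.(crypt|cryp1|crypz|[0-9a-f]{5})"),
    ("CryptXXX V4, V5", r"[0-9a-f]{32}\.[0-9a-f]{5}"),
    ("TeslaCrypt V1", r".+\.ecc"),
    ("TeslaCrypt V2", r".+\.(vvv|ccc|zzz|aaa|abc|xyz)"),
    ("TeslaCrypt V3", r".+\.(xxx|ttt|mp3|micro)"),
    ("SNSLocker", r".+\.rsnslocked"),
    ("AutoLocky", r".+\.locky"),
    ("777", r".+\.777"),
    ("XORIST", r".+\.xorist"),
    ("XORBAT", r".+\.crypted"),
    ("CERBER V1", r"[^.]{10}\.cerber"),  # assumption: the 10 characters hold no dot
    ("Stampado", r".+\.locked"),
    ("Nemucod", r".+\.crypted"),
    ("Chimera", r".+\.crypt"),
    ("LECHIFFRE", r".+\.lechiffre"),
    ("MirCop", r"lock\..+"),
    ("Globe/Purge V1", r".+\.purge"),
]
COMPILED = [(fam, re.compile(rx, re.IGNORECASE)) for fam, rx in TABLE]

def candidates(path):
    """Return every family in the table whose naming pattern fits this file."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return [fam for fam, rx in COMPILED if rx.fullmatch(name)]

def triage(paths):
    """Tally candidate families over a sample of paths."""
    return Counter(fam for p in paths for fam in candidates(p))

# Constructed sample paths, not taken from the thread.
SAMPLE = [
    r"C:\Users\demo\Documents\a1B2c3D4e5.cerber",
    r"C:\Users\demo\Documents\report.docx.crypt",
    r"C:\Users\demo\Music\song.mp3",  # may simply be a real MP3
    r"C:\Users\demo\Desktop\abcdefghij.cerber3",  # extension not in the table
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", candidates(p) or "no match in table")
```

A match is only a hint about which decryptor entry to try: `.crypt` and `.crypted` each fit two families, and an empty result means the name fits no row of this table.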
#9
It is possible to remove the virus (although very difficult), but the data is never restored.

I think this virus needs the decrypter!! But the hacker is not a trusted person to pay money to.
Reply
#10
If it is Cerber3 and Cerber4 version then bad luck, still no remedies. Can you attach any encrypted file over here?
Reply

