Cerber ransomware seems to be adding a random 4-character extension and a README.hta note.

Cerber ransomware, which appears to be one of the best-developed malware families to date, is back yet again with a new variant. Since it was first discovered at the beginning of 2016, Cerber has been one of the most widespread ransomware families, along with a few others such as Locky. Over the past few months Cerber attacked victims in a constant flow, appending the .cerber extension to encrypted files. Security researchers made many attempts to crack the virus and develop a free decryption tool, many of them unsuccessful. However, Cerber was left without upgrades for too long, which led to it being cracked, and Check Point was able to develop a working decryption tool. Good news, but not for long. The Cerber developers rushed to fix the problem and came out with an updated version, which appended the .cerber2 extension. Now we see the extension changing constantly, as .cerber3 was reported not long after .cerber2.

The Cerber2 variant was the one with the most serious changes, using the Microsoft API CryptGenRandom to generate the key and encrypt files. In any case, all Cerber variants encrypt user data and demand a ransom in return for decryption. Unfortunately, there is no solution for the victims of this virus and no way to decrypt files for free. The only way to recover is to pay the ransom fee or recover from a backup. Once Cerber has attacked and locked the files, the virus removes itself to prevent being submitted and examined. An anti-malware tool will detect and block Cerber's malicious behaviour; however, after encryption it is too late, and a malware scan will report the PC as clean.

The Cerber developers were expected to continue numbering the updates after the name cerber, as with .cerber2 and .cerber3. However, instead of .cerber4, the new variant mixes things up with a random 4-character extension appended to locked files, along with a new ransom note, “README.hta”.

Five Cerber variants have been reported so far. We will not discuss the oldest variants, cerber and cerber2. We will discuss both cerber3 variants and the new Cerber with the random extension, as those are in distribution.

The Cerber3 ransom notes left on the victim’s desktop are #HELP DECRYPT#.txt, “# HELP DECRYPT #.html” and “# HELP DECRYPT #.url”, and the latest cerber3 variant leaves a “@___README___@.txt” note. Both are in distribution as of this time. The ransom note also appears to be very long.
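
An added example, not part of the original article or of any vendor tool: a triage helper that checks a file listing for the ransom-note names and extensions named above. The character set of the random extension, the allowlist of ordinary extensions, the `min_files` threshold and the sample paths are assumptions.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Ransom-note names and numbered extensions quoted in the article
# (lower-cased, spaces removed so spacing differences do not matter).
NOTE_NAMES = {"readme.hta", "#helpdecrypt#.txt", "#helpdecrypt#.html",
              "#helpdecrypt#.url", "@___readme___@.txt"}
NUMBERED_EXT = {".cerber", ".cerber2", ".cerber3"}
# Assumption: the random extension is four characters from [0-9a-z].
RANDOM_EXT = re.compile(r"\.[0-9a-z]{4}")
# Assumption: ordinary four-character extensions that must not be flagged.
COMMON_4CHAR = {".docx", ".xlsx", ".pptx", ".jpeg", ".html", ".json"}

def triage(paths, min_files=3):
    """Map each folder to its sorted Cerber indicators; clean folders are omitted."""
    notes, exts = defaultdict(set), defaultdict(Counter)
    for p in map(PureWindowsPath, paths):
        folder = str(p.parent)
        if p.name.lower().replace(" ", "") in NOTE_NAMES:
            notes[folder].add(p.name)
        else:
            exts[folder][p.suffix.lower()] += 1
    report = {}
    for folder in set(notes) | set(exts):
        found = [f"note:{n}" for n in notes[folder]]
        has_hta = any(n.lower() == "readme.hta" for n in notes[folder])
        for ext, count in exts[folder].items():
            if ext in NUMBERED_EXT:
                found.append(f"known-ext:{ext} x{count}")
            # A lone 4-char extension proves nothing; require README.hta in the
            # same folder plus several files sharing the unknown extension.
            elif (has_hta and count >= min_files and ext not in COMMON_4CHAR
                  and RANDOM_EXT.fullmatch(ext)):
                found.append(f"random-ext:{ext} x{count}")
        if found:
            report[folder] = sorted(found)
    return report

# Constructed sample listing (not taken from a real incident).
SAMPLE = [r"C:\Users\ann\Documents\README.hta",
          r"C:\Users\ann\Documents\k2Jq8LmZx0.9f2c",
          r"C:\Users\ann\Documents\Qw7eRt1yUi.9f2c",
          r"C:\Users\ann\Documents\zX4cVb6nMa.9f2c",
          r"C:\Users\ann\Documents\report.docx",
          r"C:\Users\ann\Desktop\# HELP DECRYPT #.html",
          r"C:\Users\ann\Desktop\photo.jpg.cerber3",
          r"C:\Users\ann\Pictures\holiday.jpeg"]

if __name__ == "__main__":
    for folder, found in sorted(triage(SAMPLE).items()):
        print(folder, found)
```

A folder full of files with one unfamiliar four-character extension is reported only when README.hta sits beside them, which keeps ordinary extensions from raising alerts.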

Some of the contents left by the ransom note #HELP DECRYPT#.txt file.

The new Cerber ransom note variant, “README.hta”, is simplified, perhaps to make things easier and faster. As usual, Cerber sets a time limit and demands 1 BTC for the first five days. If the user decides to wait and the clock hits zero, the demand doubles to 2 BTC. So instead of approximately 600 USD, victims will have to pay 1200 USD; however, paying is not recommended for numerous reasons. The Cerber payment service was reported to work properly, so if necessary proceed with caution. All Cerber variants have the voice that talks to victims after the background image is changed. When Cerber is done talking, it will remove itself from the PC. Cerber ransomware also provides the option to decrypt one file under 3 MB for free, to prove to victims that everything works and they will get what is promised.

Cerber ransomware with random extension note:

CERBER RANSOMWARE

Instructions

Can’t you find the necessary files?

Is the content of your files not readable?

It is normal because the file’s names and data in your files have been encrypted by “Cerber Ransomware”.

It means your files are NOT damaged! Your files are modified only. This modification is reversible.

From now it is not possible to use your files until they will be decrypted.

The only way to decrypt your files safely is to buy the special decryption software “Cerber Decryptor”.

Any attempts to restore your files with the third-party software will be fatal for your files!

The desktop background set by the Cerber variant that appends the random extension is also modified, to the following image:

How to protect against ransomware has been one of the most frequently asked questions in the past year. Since ransomware has become the biggest threat among all viruses, people ask themselves whether there is a way to protect against it. It is already too late once you have suffered a ransomware attack and your files have been locked. For some there is a solution, but for others only disappointment. Either way, the popularity of ransomware is rising and new developments are presented every day.

What can we do in the battle against ransomware?

If you are already infected, do not pay the ransom! Remove the virus and look for other solutions rather than paying. Paying the ransom may be your only option if you have really valuable data. However, we do not recommend doing this, because you will support the work of criminals. You risk losing money and still being stuck with encrypted files, since there is no guarantee of any kind that you will recover what was lost. Security researchers are always working on recovery solutions. Not all ransomware is professionally developed, and some of it gets cracked, but some is so well developed that there is currently no way to beat it. One of the solutions is system restore.

The best solution, if you have a backup, is to wipe your hard drive and perform a system restore. If you do not have one, back up your data frequently. Store backup data on a removable storage device or use an online backup service.

Protect your computer with antivirus, internet security, anti-malware software or newly developed applications such as anti-ransomware. It is highly recommended to keep it up to date and to use the paid versions. We do not recommend free applications.

Now that you have been infected you have a few options:

Many suggest that you simply pay and hope that you will get all of your data back. However, in this case you risk losing money and still being stuck with encrypted files. We do not recommend this, simply because you will support the work of hackers, and the more money they get, the stronger they will become.

The best option for you, if you have a backup, is to wipe your hard drive and perform a system restore.

Use any type of anti-malware software to remove Cerber 3 Ransomware.

NOTE: With this option the virus will be removed but the files will remain locked! You still have to decrypt your files.

New research shows how ransomware deletes files and substitutes encrypted copies of them. It is not guaranteed, but it is possible that you may recover your files with data recovery software. Before trying to decrypt any files, you can scan your computer for possible data loss.

Decrypt Cerber Ransomware files with random extension.

The good news is that we can now use decryption programs. A lot of security companies, such as Kaspersky Lab, Bitdefender and more, have developed programs that are fully capable of decrypting files locked by ransomware malware. You can find these programs anywhere on the internet, but it is strongly suggested that you download them from official websites. NOTE: It may take a long time for your files to be decrypted, depending on your PC performance.

Name – Cerber ransomware

Type Spamming – Malware, Ransomware, Trojan Horse

Danger Level – High

Brief Description – Encrypts files and demands ransom.

Symptoms – Poor PC performance or freezing, ransom messages.

Method – Via Trojan Horse or spam email.

Note: Removing Cerber Ransomware manually could be very risky and unpredictable!

To remove this virus, we suggest you follow the step-by-step instructions we have provided. Since a ransomware virus creates a variety of malicious, modified registry entries and different files, we strongly advise you to use an anti-malware tool. Removing the virus manually requires advanced computer skills and knowledge.