Update 17 August 2016 - Check Point Software Technologies Ltd.
( Unfortunately this tool is no longer available) You can view a video tutorial of how to use this tool HERE. Victims of Cerber ransomware can use a decrypter called “Trend Micro Ransomware File Decryptor tool” to decrypt their files for free. Note! These are temporary addresses! They will be available for a limited amount of time! Note! This page is available via "Tor Browser" only.Īlso you can use temporary addresses on your personal page without using "Tor Browser". In the "Tor Browser" open your personal page here:
Download "Tor Browser" from and install it.Ģ. If you cannot find any (*_R_E_A_D_T_H_I_S_*) file at your PC, follow the instructions below:ġ. Inside there is the special file (*_R_E_A_D_T_H_I_S_*) with complete instructions To receive the private key and decryption program go to any decrypted folder, The only way to decrypt your files is to receive the private key and decryption program. Y0UR D0CUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
Text presented in _R_E_A_D_T_H_I_S_random_.txt file: Here’s a screenshot of this updated file: Update JCyber criminals have updated their ransom demanding message presented in a. The ransom amount at the time of writing this article was $499 payable in Bitcoins. Cyber criminals no longer provide the version number of this ransomware. The ransom demanding message is now presented in _README_.hta file. The most noticeable changes include the use of red colour for the desktop wallpaper. Update 1 December, 2016 - Cerber ransomware was updated by cyber criminals. Therefore, the only solution to this problem is to restore your system from a backup.Īfter encrypting files, Cerber ransomware changes desktop wallpaper: Unfortunately, at time of research, there were no tools capable of decrypting files affected by Cerber. It is also stated that users can only pay using the Tor browser and by following instructions within the indicated website. If the ransom is not paid within seven days, it doubles to 2.48 BTC. To download the decryptor, a ransom payment of 1.24 BitCoin (at time of research, equivalent to $546.72) is required. The #DECRYPT MY FILES#.vbs file contains a VBScript, which when executed, plays the message, “Your documents, databases and other important files have been encrypted!” through the computer speakers. The message within these files states that users can only decrypt their files using a decryptor developed by cyber criminals (called 'Cerber Decryptor'). Some variants of this ransomware disclose their versions - for example: "Cerber Ransomware 4.1.3", "Cerber Ransomware 4.1.5", "Cerber Ransomware 4.1.6", "Cerber Ransomware 5.0.0" ( the latest variant demands a ransom of $499) etc.ĭuring encryption, Cerber creates three different files ( #DECRYPT MY FILES#.txt, #DECRYPT MY FILES#.html, and #DECRYPT MY FILES#.vbs) containing step-by-step payment instructions (never variants use " _READ_THI$_FILE_.hta", " _HELP_HELP_HELP_random.hta", " _READ_THIS_FILE.hta", “ _HELP_HELP_HELP_random.jpg", _R_E_A_D_T_H_I_S_random_.txt, _R_E_A_D_T_H_I_S_random_.hta and “ _!!!_README_!!!_random_.hta”, “ _!!!_README_!!!_random_.txt” files) in each folder containing the encrypted files. It is stated that payment of the ransom must fall within the given time frame (seven days), otherwise the ransom amount will double. Following successful infiltration, Cerber demands a ransom payment to decrypt these files. There are also variants of this ransomware that add. Notice that some variants of this ransomware add random file extensions - for example: “. cerber3) extension to each encrypted file. Cerber (also called CRBR Encryptor) is a ransomware-type malware that infiltrates systems, encrypting various file types including.