Posted 10 July 2017 - 05:14 PM
Edited by VOskar, 10 July 2017 - 05:48 PM.
Posted 20 July 2017 - 01:51 AM
Someone in this topic wrote that they have a private.key file (not a PK file), but I don't know who and cannot find his/her message. Maybe she/he will read this and contact me. :D

The private.key file is for offline decrypting; an internet connection isn't needed, and it contains a specific key, different for every victim. You can get it if you have paid and contact the developers of Cerber to say that the decrypting program does not work.

If anyone has it, please contact me.

Edit: OK, the PK file can also be.
Posted by cristy_an on 29 August 2016 - 05:05 PM in Ransomware Help & Tech Support
I received the Checkpoint decryptor cerber12dec.exe from a user who was in that date on checkpoint site.
I received a key and a cerber1 file from another user.
The decryptor works in this case, but you need the private key. I think the decryptor is the same for every user, but you need the key.
I mention that every final cerber file has the same rows in my case; this could lead us to the particular key, but it is encrypted.
I have two keys and their structures are almost the same, but the characters are different, except in the middle, where there are a lot of AAA in both files.
Have a good day.
Posted 02 August 2017 - 09:32 AM
Unfortunately for the time being, there is no free decryption solution for files encrypted by the newest Cerber ransomware versions.
However, professional and business data recovery services exist. It requires a lot of hard work and it is expensive (between 2700 € and 7000 € for 7 days of decryption work, and more if it is an emergency!). We are a partner of Doctor Web and other major data recovery companies.
We have a data recovery success rate of more than 80 % for Cerber ransomware files.
Evaluation is free and quotes carry no obligation.
Even though our website is in French (we are one of the French partners of Doctor Web), we also support English requests.
Posted 02 August 2017 - 09:34 AM
Posted 17 August 2017 - 07:34 AM
What does it decrypt, and does anyone know what exactly?
Posted 17 August 2017 - 05:30 PM
...analyzes all suspicious activities on your PC. It detects Ransomware attacks, blocks them and immediately restores any encrypted files.
Posted 17 August 2017 - 06:17 PM
Whether it is for an already encrypted compile or during an attack by Ransomware
If someone tries to share the excuse for the bad translation
Edited by nopermission, 18 August 2017 - 04:38 AM.
Posted 19 September 2017 - 03:21 PM
I found out what is going on here. TrendMicro's decrypter is for real Cerber (10_random_chars.cerber), but it is not a real decrypter. It is able to "decrypt" only a few types of encrypted files (pdf, zip, office documents, etc.; files with a known header or a recoverable header), but the decrypted files are not a 1:1 image of the files before encryption.
The reason for that is that Cerber takes up to 34 bytes from the header, replaces them with random data, generates a weak fast key and encrypts this information with a generated RSA key. Then Cerber randomly chooses a few blocks (depending on the configuration file located in the resources of Cerber) and encrypts them with this weak fast key. This weak key can be exploited and guessed when you have all the encrypted files, but it doesn't solve the whole problem, because the 34 bytes from the header are still missing. These 34 bytes can be reconstructed or entirely omitted in several file types, of course, and that is how TrendMicro's decrypter for Cerber works.
I did run 2 test sets and it was able to "decrypt" only 7 files from 278.
Is it possible to reconstruct these 34 bytes in image files? => Is it possible to decrypt images with TrendMicro's decrypter?
I tried it and decrypted some files. But I can open them.
Is there another way to repair these images?
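As an added illustration of the header problem described in the post above (not code from any poster or from Trend Micro's tool): a Python check that classifies whether the first 34 bytes of a recovered file look intact for its claimed type. The signatures are standard file-format facts; the sample byte strings are constructed, and the function names `make_png_head`, `png_ihdr_ok`, `header_status` and `triage` are hypothetical.

```python
import struct
import zlib

HEADER_WINDOW = 34  # bytes the post says are overwritten at the start of a file

# Standard leading signatures (file-format facts, not Cerber-specific).
MAGIC = {"pdf": b"%PDF-", "zip": b"PK\x03\x04", "docx": b"PK\x03\x04",
         "png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff"}

def make_png_head(width: int, height: int) -> bytes:
    """Build the first 33 bytes of a PNG: signature(8) + IHDR chunk(25)."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (MAGIC["png"] + struct.pack(">I", len(body) - 4) + body
            + struct.pack(">I", zlib.crc32(body)))

def png_ihdr_ok(data: bytes) -> bool:
    """True when the IHDR chunk (dimensions included) passes its own CRC."""
    if len(data) < 33 or data[12:16] != b"IHDR":
        return False
    (stored,) = struct.unpack(">I", data[29:33])
    return zlib.crc32(data[12:29]) == stored

def header_status(data: bytes, ext: str) -> str:
    """Classify the header window of a recovered file by its claimed type."""
    ext = ext.lower().lstrip(".")
    magic = MAGIC.get(ext)
    if magic is None:
        return "unknown-type"
    if not data.startswith(magic):
        return "header-missing"
    if ext == "png" and not png_ihdr_ok(data):
        return "header-partial"  # signature rebuilt, per-file fields still lost
    return "header-plausible"

def triage(files: dict) -> dict:
    """Map each 'name.ext' to its header status."""
    return {name: header_status(blob, name.rsplit(".", 1)[-1])
            for name, blob in files.items()}

# Constructed samples: an intact PNG head, one with the window overwritten by
# filler bytes, one with only the 8-byte signature put back, and a PDF head.
GOOD = make_png_head(640, 480) + b"\x00" * 16
WIPED = bytes(range(HEADER_WINDOW)) + GOOD[HEADER_WINDOW:]
PARTIAL = MAGIC["png"] + WIPED[8:]
SAMPLES = {"a.png": GOOD, "b.png": WIPED, "c.png": PARTIAL,
           "d.pdf": b"%PDF-1.4\n" + b"\x00" * 40}

if __name__ == "__main__":
    for name, status in triage(SAMPLES).items():
        print(f"{name}: {status}")
```

In a PNG the whole IHDR chunk, width and height included, sits inside the first 33 bytes, so restoring the fixed signature alone leaves the file in the `header-partial` state.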
Posted 19 October 2017 - 08:04 AM
I just read this article https://www.bleepingcomputer.com/news/security/goodbye-cerber-hello-magniber-ransomware/ and was thinking: is this the path for the reveal of a final decryptor for Cerber???
Posted 26 October 2017 - 05:34 PM
My data server was encrypted by a virus that encrypted all my files to .cerber and also created a temporary user so that nothing on it could be used. I created a boot disk with DLC and pulled out all the encrypted files, and the staff of the site https://www.certsi.es helped me. I sent my case to email@example.com and in 4 days they sent me the solution, which was an executable file called Decrypt.exe plus a file that was the password, and it worked. This program decrypted all my files without problems.
I had to format the server, but I did not lose my files.
Posted 27 October 2017 - 01:31 AM
Thank you very much for the information. I also have my personal files encrypted to .cerber (version V1 of the .Cerber ransomware). I have tried to decrypt them with Trend Micro's .exe, but without success. I read the previous message and have sent an email with a sample file to "firstname.lastname@example.org". Since I live in Greece I don't know whether the people at Certsi.es help people outside Spain, but I am waiting for their help.
Thank you very much for the information
Posted 27 October 2017 - 03:45 AM
I was infected with this virus in March 2016. Still no cure?
Posted 27 October 2017 - 06:05 AM
Posted 02 November 2017 - 10:06 PM
Can anyone confirm whether the payment page of the CRBR ransomware is still active and running?
Lots of reports in Korea show that victims cannot even connect to the payment page, both after initial infection and after the payment process.
Edited by samwiseOrgin, 03 November 2017 - 03:37 AM.