
Cerber Ransomware Support and Help Topic - CRBR Encryptor


1904 replies to this topic

#16 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:03:01 PM

Posted 28 February 2016 - 06:29 AM

But it's in a different location/partition with the same folder name, and its date is different from when the case occurred. Is it the correct .exe? Because I didn't find any .exe regarding this case.

Yes, please restore that one (3rd one down). It may have modified the time/date.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~



#17 God-father

God-father
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 28 February 2016 - 06:35 AM

 


 

 

Should I deactivate my antivirus when restoring this file? And after I have uploaded this file, should I remove it? I'm afraid it will attack my other files. Thanks again for your fast response.



#18 xXToffeeXx


Posted 28 February 2016 - 06:38 AM


Yes, just until you upload it. I will get a notification if you upload the file here. Once you have uploaded it, yes you can delete it.
 
xXToffeeXx~




#19 God-father


Posted 28 February 2016 - 08:36 AM

 


 

 

Hi Toffee,

 

I have uploaded the upnpcont.exe to the link which you have shared. Please advise.

 

Thanks



#20 razor92

razor92

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:01 PM

Posted 28 February 2016 - 11:34 AM

 

 


 

Please share the binary with us too :) We will analyse it independently


Edited by razor92, 28 February 2016 - 11:34 AM.


#21 xXToffeeXx


Posted 28 February 2016 - 11:41 AM


Not executable, seems to be corrupted.
 
xXToffeeXx~




#22 razor92


Posted 28 February 2016 - 11:49 AM

 


 

Thanks. Can you share the file? I'm interested in the HEX dump etc.



#23 xXToffeeXx


Posted 28 February 2016 - 11:54 AM


http://www.filedropper.com/upnpcont
 
Very odd. There's no file type that can be made out.
 
xXToffeeXx~




#24 razor92


Posted 28 February 2016 - 12:07 PM

 


 

At least it does something......: https://malwr.com/analysis/MDU2ZDhkOTVmNzBjNDg3NGE4MjgzNjFlNGU5ZmYxYjI/

The file could have been corrupted by the malware itself while running in memory. If so, this might be a new technique..

I hope there will be people who are able to share the actual/useful binaries with us! So visitors, if you're infected, please get in touch with us using this thread.

 



Edited by razor92, 28 February 2016 - 12:52 PM.
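
A header check of the kind that applies to a recovered file like the one discussed above, which "seems to be corrupted" with "no file type that can be made out". This is an added example, not part of the original thread; the function names are hypothetical and the sample bytes are constructed, not taken from the uploaded file.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest encrypted or compressed content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_recovered_exe(data: bytes) -> dict:
    """Check DOS/PE headers of a file that is supposed to be a Windows .exe."""
    report = {"size": len(data), "entropy": round(shannon_entropy(data), 2)}
    if len(data) < 0x40 or data[:2] != b"MZ":
        # No DOS header at all: overwritten, encrypted, or wrong clusters recovered.
        report["verdict"] = ("no MZ header, high entropy"
                             if report["entropy"] > 7.5 else "no MZ header")
        return report
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        report["verdict"] = "MZ header but no PE signature (truncated or damaged)"
        return report
    report["verdict"] = "valid PE headers"
    return report

def _pe_stub() -> bytes:
    """Constructed minimal DOS header + PE signature, enough for the header checks."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + bytes(20)

# Constructed samples (not taken from the file discussed in the thread).
SAMPLES = {
    "intact": _pe_stub(),
    "truncated": _pe_stub()[:0x40],
    # Every byte value appears equally often, like ciphertext: entropy is 8.0.
    "overwritten": bytes((i * 197 + 13) % 256 for i in range(4096)),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage_recovered_exe(blob))
```

A "no MZ header, high entropy" verdict cannot by itself tell whether the file was overwritten by the malware or reassembled from the wrong disk clusters by the recovery tool; it only confirms that the recovered bytes are not a loadable executable.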


#25 God-father


Posted 28 February 2016 - 07:50 PM

 


 

 

Hi all,

Thanks for the update. Is it corrupt because the data recovery software can't get the data back normally, or because of the malware itself? Do you need me to restore this file again?

Sorry for asking in a bit of a rush and too much, because I need to use my laptop again. So what should I do with my laptop?

My data is still encrypted and I don't know if the malware/ransomware is still on my laptop.

Do the files which are encrypted also contain the virus?

From my perspective, there is nothing we can do until other victims report to this thread so we can gain some other information to break this encryption, is there?

Thanks again in advance for helping.


Edited by God-father, 28 February 2016 - 07:51 PM.


#26 razor92


Posted 29 February 2016 - 08:55 AM

Hi God-Father,

 

For now, there is not much you could do, I think. You might back up the encrypted files and store them somewhere locally. A decrypter could be built in the future, which you may use at that moment for decrypting your encrypted files.

 

If you could restore the malware binary it would be great, so we could analyse it further. If that's not possible, no rush. We'll get it somehow anyway :)



#27 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,952 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:01 AM

Posted 29 February 2016 - 10:00 AM


As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups. If that is not a viable option and if there is no fix tool, the only other alternative is to save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution so save the encrypted data and wait until that time.

Grinler, (aka Lawrence Abrams), the site owner of Bleeping Computer has said this...

If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.


.
.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#28 MalwareBlocker

MalwareBlocker

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Everywhere
  • Local time:05:01 PM

Posted 03 March 2016 - 11:54 AM

Here you can find some new information and samples of Cerber: https://twitter.com/malwrhunterteam/status/705428353440948228



#29 Gomez123

Gomez123

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 19 March 2016 - 02:20 AM

hi..

Why won't the topic be continued? It's very important.

My computer got infected the same way last night, and I lost everything. All my data is encrypted and useless now. The whole computer, with a huge, important database. 5 years of work, money, and important files. I have made no second backup. No Windows restore point either.

Is there any possible solution that might come? Maybe in the future? And how long would this take? I see the malware has already been out for some months, and there are still no decryption possibilities.

I don't know what to do now.

If I lost all the files forever, this would hurt me a lot. I am totally down at the moment and don't know what to do. I really could cry.

I could not find on Google that people are working on a solution to decrypt these files. This topic was not updated. Other Google posts neither.

So how will this end? Is there nothing we can do against it?

I need my files back, essentially.

I appreciate every bit of help.

I would really pay the 500 dollars to get my files back. They are worth much more to me. Does someone know if they would restore my files after payment, or is it just the next way of betrayal?

Were there any solutions in the past where people made their own decrypt tools and fixed all the files on their own? Is it worth waiting? Or secure? Will there be any solution to back-crypt my files if I just wait some months?

If they really would share the .cerber decrypter software after payment, people could then share the software for free, and everybody could fix their files right now. Or? If someone bought it. So they would never give such software out, even if you pay? Because there would be an online fix available?

ty for reply


Edited by Gomez123, 19 March 2016 - 02:57 AM.


#30 quietman7


Posted 19 March 2016 - 06:02 AM

When or if a solution is discovered, that information will be provided in this support topic and you will receive notification if subscribed to it.